this post was submitted on 12 Mar 2024
40 points (93.5% liked)
Cybersecurity
5687 readers
59 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Why not use the Yubikey for the master password on a KeePass DB (or another password manager) and then use actual different passwords—not just prefixed ones—saved in said password manager for your logins?
It doesn't matter if your base password is a 255 character high-entropy annoying-to-type-manually-on-a-phone-keyboard or a 16 character string of alphanumeric characters if you reuse it in a slightly predictable manner. For it to be somewhat secure, the prefix would have to be completely random, which kinda defeats the idea of you being able to remember them. A "base password" is, to be frank, only one small step up from using the same password everywhere.
And as someone else pointed out, it makes it very difficult to change passwords, which also should be a huge red flag.
Take a look at the leaks on Have I Been Pwned and see how many of them include either clear text passwords or extremely weakly hashed (perhaps even unsalted) passwords. If you show up in just one or two of those, then you're in a significantly worse position than you would be had you just used different passwords.