In light of the recent hack of LastPass, I think it's a good time to bring up password "peppering".

For critical passwords that you store on password managers, consider adding (or subtracting) characters to the password that only you know and that are not kept on the password manager itself.

For instance, say Bitwarden spits out a password for you like 123456. That's what you would store in Bitwarden, but you would add your "pepper" to the end of it (or middle, or beginning) when you sign up for a service. So, for example, you may enter "123456abc", with "abc" being your pepper.

If your passwords were compromised, they wouldn't have your complete password.

More reading here:

https://bitwarden.com/blog/pepper-for-your-password/

Discussion

Or you could use something like KeePassXC, store your passwords without a third party honey pot, generate unique passwords for each service, and use unique email aliases for each as well. Eliminate third party services wherever possible and compartmentalize. And hardware second factor authentication while you're at it.

Or use pen and paper.