this post was submitted on 27 Nov 2023
155 points (89.7% liked)

Asklemmy

43899 readers
1188 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 10 points 11 months ago* (last edited 11 months ago) (2 children)

Yeah knew a guy that used to work at a place where they had him change his password every 2 months or so kinda stupid. Entropy is really all you need to check. Also by special phrases do you mean ~~salting~~ peppering your passwords?

[โ€“] [email protected] 4 points 11 months ago (1 children)
[โ€“] [email protected] 7 points 11 months ago (1 children)

The peppering passwords? That's where you add a special word or phrase in all of your passwords but not in your password manager. It's usually done in case your password manager becomes compromised thats why I got a bit confused with your statement, haha

[โ€“] [email protected] 3 points 11 months ago

Yes, or a general way of putting it anyways.

[โ€“] [email protected] 3 points 11 months ago (1 children)

Salting and peppering isn't something you do; it's something the site does prior to hashing your password and storing the hash.

[โ€“] [email protected] 2 points 11 months ago* (last edited 11 months ago)

Yes you're correct but what I was referring to was using an extra string of characters to protect against a compromised password manager

Edit: Here's a link to bitwarden's website that further clarifies what I meant