I had this idea a while back as a way to let you use the same password on different sites without compromising security.
My thought was to 'salt' your same password, based on the name of the website, e.g. instead of just using 'password' I'd use 'passwordcontractoruk' on CUK, 'passwordgoogle' for Google, 'passwordnpower', etc.
It's very easy to remember and would be proof against automated attacks which get your plaintext password for one site and try on others. Also it makes breaking your password hash harder since the hashed string is less common.
Of course a human inspecting your password could guess what's going on but in my mind, that's not how these things work. Or is it? Could anyone who knows about this stuff comment on the idea - is there a glaring problem I missed or a bad assumption?