by UncleMeat
3017 days ago
This is dumb but not that dumb. The method is (mostly) fine given most people's threat model. It solves password reuse and the generated passwords are resistant to dumb brute force. You lose a lot of entropy if people know the method or even know that characters are more likely to be pulled from the domain name, but given a good enough seed (the article has seven characters) you are still generally fine. If you are a high-value target, it is obviously awful since you are worth the time for a human to reverse the pattern and break your other passwords. The real reason this is dumb is because it doesn't allow you to change your password, not because your passwords have lower entropy.