bram (bram@gawth.com)
Wed, 28 Apr 1999 11:18:38 -0700 (PDT)
On Wed, 28 Apr 1999, Salz, Rich wrote:
> >The alternative is to write them all
> >down in one place
>
> Or pick a random "base" and then add obvious per-site info, as in
> xyzzy.microsoft
> xyzzy.nytimes
> xyzzy.clublove
> etc...
That's a pretty good idea - it reduces significantly the risk of someone
extending a breach of one password to another, since an automated tool
which just reuses all the passwords elsewhere won't work. It still does
allow for breaches of passwords in one place to extend elsewhere though.
-Bram
The following archive was created by hippie-mail 7.98617-22 on Thu May 27 1999 - 23:44:23