I have an acquaintance that have their own "password system" that involves having a "core" set of characters, plus a few unique characters for each site; Is that system safe?

throwawayacc0430@sh.itjust.works · 7 days ago

I have an acquaintance that have their own "password system" that involves having a "core" set of characters, plus a few unique characters for each site; Is that system safe?

7uWqKj@lemmy.world · 7 days ago

KeePassXC can tell you if a password is secure (“entropy”, “health check”, they also use an online service to check for leaked/known passwords).

rumschlumpel@feddit.org · 7 days ago

I doubt it can figure out whether a password system is secure. I’d be surprised if “leumSWydThIThBaPl!690720” didn’t get a decent score, though.

Argurotoxus@lemmy.world · 7 days ago

I can’t say with complete certainty, but 1password at least does have a flag if I use the same password for multiple accounts. I don’t know if it’d identify this or not

A_norny_mousse@feddit.org · 7 days ago

The examples above have 24 characters.
They report entropy between 119 and 120.
Completely random examples, A-Z, a-z, 0-9 and only the exclamation mark added, are above 120 across the board, up to 155.
If I add all other character blocks except extended ASCII, entropy goes up to roughly 135-155.
If I add in extended ASCII it ranges from 180 to 255, but this can cause trouble on some setups.

Personally I’d never consider such a short password for an online account.