What I like best about two-factor authentication is its elegant simplicity – you can’t hack something if you don’t have both parts of the key. And here’s a way to do your own twist on 2FA.
In case you don’t already know what salting is, here’s a link to an article on Privacy Canada. Put very simply, it’s adding an extra, unknown bit to a password. It was originally conceived to save people from themselves when they use common passwords.
They reuse them because it’s hard to remember passwords! And as you doubtless know, everyone is recommending the use of a password manager nowadays – they protect against password reuse, overly simple passwords and the old Post-it on the computer screen attack vector.

But what if your password manager is hacked? (They have been.) Could it happen in the future? (Yes.) What to do?
One easy trick is to add your own salt! (I’m sure there’s a good pun about it being healthier to do it yourself, or something about salty sea dogs, or…) I have been using a similar idea for a while, but the real credit needs to go to Passwordbits for laying it out so clearly.
Basically, when you go to sign into a site, if you are using something like LastPass, it will have your credentials stored and offer to fill them into the form fields for you. Accept, and then add your Special Salt to the end of the password. (Finally – a good time to use your dog’s name as part of your password!) Only you know that the password as it stands in the password manager is not complete, and you don’t have to remember anything except the same word/phrase again and again.
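A sketch of what the trick changes on the site's side, as an added example that is not from the original post or from Passwordbits: the site hashes the full password (stored part plus typed suffix), so the vault entry alone no longer verifies. The function names, the PBKDF2 work factor and the sample values are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed demo work factor for PBKDF2-HMAC-SHA256

# Constructed sample values, not real credentials.
VAULT_ENTRY = "k3#Vq9!tZr7@Lw2pXe"  # what the password manager stores and autofills
MEMORIZED_SUFFIX = "Biscuit42"      # typed by hand, never saved anywhere


def site_enroll(full_password):
    """What a website keeps: a random per-user salt and a slow hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", full_password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def site_verify(record, attempt):
    """Re-hash the attempt with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])


def login_outcomes(vault_entry=VAULT_ENTRY, suffix=MEMORIZED_SUFFIX):
    """Enroll with vault entry + suffix, then try both forms of the password."""
    record = site_enroll(vault_entry + suffix)
    return {
        "vault_entry_alone": site_verify(record, vault_entry),
        "vault_entry_plus_suffix": site_verify(record, vault_entry + suffix),
    }


def server_salt_is_per_record(password=VAULT_ENTRY + MEMORIZED_SUFFIX):
    """The site's own salt is random and stored next to the hash, so two
    enrollments of the same password produce different records."""
    a, b = site_enroll(password), site_enroll(password)
    return a["salt"] != b["salt"] and a["hash"] != b["hash"]


if __name__ == "__main__":
    print(login_outcomes())
    print("server salt differs per record:", server_salt_is_per_record())
```

The site's salt lives in its database beside the hash, while the hand-typed suffix is stored nowhere, which is the part a copied vault does not contain.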
It’s a good tip: it combines the strength of a password manager’s long, randomized passwords with a human element that makes them nearly unbreakable.