39
[Question] Is this a secure way to generate passwords
(sh.itjust.works)
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
Community Rules
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
I mean, do your best, but honestly temper your understanding of your responsibility here.
You may feel responsible, but your employer DOES NOT.
How do I know? Because it's been the NIST guidelines for like a fucking decade already NOT to use such policies because they are EMPIRICALLY PROVEN to REDUCE security and INCREASE the likelihood of a system compromise.
The fact that you're here trying to "solve" a "problem" that was artificially generated by your employer is exactly the reason it's the case. While you personally are diligently considering how to best "solve" it, everyone else is doing something more hack-y and introducing new attack vectors.
So... Long story short, it's awesome you care. Your employer does not.
I'm sorry. My original post did not convey my intentions adequately. The fact that I have to change my password every 3 months is what sparked my curiosity and question for my original post. For work I just generate a password using a password manager and store it on a Yubikey that I use for work purposes when I need to update my password. The question in the post is for a personal Yubikey. I started using a generated password on that one and wondered if adding a prefix password to it, changing the prefix for different applications, would be considered secured.
Lol no, they did reply correctly.