39
[Question] Is this a secure way to generate passwords
(sh.itjust.works)
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
Community Rules
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
Why not get a separate password manager for work stuff and use the Yubikey to login to that? That way you get a unique password for each site and don't need to remember a long password for the password manager. So one password slot for work and one for personal password manager, and the rest comes from the password manager.
The main risk is if your password gets compromised, someone could figure out your "algorithm" and get access to the rest. Whether that's likely depends on what you use those passwords for.
I do just that. This Yubikey is not just for websites though. I use it for apps too. Things such as my password manager, login credentials, encryption apps, etc. The idea of using it on websites got me thinking about using a base password and a seed for each app.
Edit: I also want to use it for multiple computers that I have. I use those for things like NAS, Jellyfin, Pi-hole, etc. Mostly those are Raspberry Pis. Using a password manager I'd have to copy-paste or remember each password. Not all have a web interface.
Then pick one that has a web interface or a CLI, Bitwarden has both and is free. KeePass databases can be hosted on your NAS and accessed to CLI tools. There are plenty of options. Or use passphrases (which are just as good as—or better than—complex passwords) and just type them? I use Bitwarden for literally each and every password/lock code/PIN that I have, and I have plenty of Pis and other things that don't let me easily log into Bitwarden, but finding "Excentric4-Waxing-Adopted-Giraffe" on one device, and typing it in another really isn't much of a hassle. (Also, why not just SSH into your Pis? Then you only need to worry about accessing a password manager on the machine you're opening the SSH connection from.)
From the comments on this post it seems that you're mostly looking for validation of the idea you originally had rather than actual feedback on how secure that idea is. You're obviously free to manage your passwords exactly as you want, but this idea of a "base password" is objectively less secure than the alternative put forward by many people in these comments, namely to use the Yubikey to log into a good password manager that then handles all the different (completely unique) passwords.
There are always instances where doing things the best and most secure way is more cumbersome, and it's up to you to decide if you want all of your passwords to be poor (and difficult to change, in this case) just because you occasionally need to log into something that doesn't neatly integrate with a password manager.