Ever since the Lastpass breach (thankfully moved to Bitwarden and recycled passwords prior) I've had a heightened awareness of the potential for vulnerabilities beyond my paygrade leading to online catastrophe for me. I use Bitwarden to generate a random password for all sites.
If it's something which could truly cause a headache such as my email or banking however, I'll usually append the domain name, or a word, or a symbol to the password such that after my phone or PC's Bitwarden autofill enters the saved password I also need to enter whichever word or symbol for the site. Feels like this gives me some defense if people smarter than me made a mistake, but I guess I have questions for folks who know about hashing/blackmagic/thecyber.
- Would this have any benefit, if one were to put "google" at the end of their Google password, as far as protecting from a password manager exploit?
- No, I don't actually put google or reddit at the end of my password; oops not a question
- Is that already something baddies would know to try? Or did I just play myself by posting this on the internet?
What's the higher likelihood:
p4ssw0rdGOOGLEAND crack your password vault AND see that the password isn't there AND determine what your secret scheme is AND think you're worth spending the effort on?