{"id":1727,"date":"2018-09-03T15:03:16","date_gmt":"2018-09-03T20:03:16","guid":{"rendered":"http:\/\/www.trustyetc.com\/trustyblog\/?p=1727"},"modified":"2018-09-03T15:03:16","modified_gmt":"2018-09-03T20:03:16","slug":"i-use-the-same-password-everywhere","status":"publish","type":"post","link":"https:\/\/www.trustyetc.com\/trustyblog\/2018\/09\/03\/i-use-the-same-password-everywhere\/","title":{"rendered":"I use the same password everywhere"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" title=\"https:\/\/www.flickr.com\/photos\/christiaancolen\/20971786578\" src=\"https:\/\/c2.staticflickr.com\/6\/5735\/20971786578_c870e94ba8_z.jpg\" alt=\"\" width=\"640\" height=\"359\" \/><\/p>\n<p>I am surprised by the number of people who tell me they use the same password for nearly everything. Even if the password is a strong password, this is still incredibly insecure, and most people do not realize why.<\/p>\n<p>If I reuse a password on multiple sites and just one of those sites is compromised, my one password is known by a bad actor.\u00a0 If that password is used for an email account or online storage, all my data could be deleted.\u00a0 If I use the same password for anything that has money attached to it, Amazon, iTunes, bank account, etc., it could be a costly mistake.<\/p>\n<p>I have used the same password on most of my sites for many years, but that password is altered so that each site appears to have a unique password.\u00a0 Let me explain how it works by showing how my password at Yahoo compares with my password at Google.<\/p>\n<p>For this example, let us make my password<\/p>\n<p>Secret1<\/p>\n<p>If I mix my password with the site I am logging into in such a way that I can reproduce the process in the future, I can come up with a unique password for each site I log in to. 
Here is a simple &#8220;hash&#8221; of the site and my password.\u00a0 Take the first letter of the site followed by the first letter of my password, and continue to alternate letters from site and password until a &#8220;hash&#8221; is created.<\/p>\n<p><a href=\"http:\/\/www.trustyetc.com\/trustyblog\/wp-content\/uploads\/2018\/08\/passwordhash.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-1730 size-full\" src=\"http:\/\/www.trustyetc.com\/trustyblog\/wp-content\/uploads\/2018\/08\/passwordhash.gif\" alt=\"\" width=\"400\" height=\"150\" border=\"1\" \/><\/a><\/p>\n<p>For Yahoo my password would be<\/p>\n<p>YSaehcoroet1<\/p>\n<p>For Google my password would be<\/p>\n<p>GSoeocgrleet1<\/p>\n<p>This is called a hash.\u00a0 A hash combines two pieces of data in a repeatable way, so the same inputs always produce the same final string of characters.\u00a0 This example alternates letters from the site and letters of my password.<\/p>\n<p>My example hash is simple, and someone who has access to my final password would be able to reverse engineer it to determine the master password component of my hash.\u00a0 Then they would be able to reproduce my password for every site where I use this hash.<\/p>\n<p>Fortunately, there are many cryptographically strong hash functions available.\u00a0 A strong cryptographic hash cannot be reverse engineered to come up with the original master password.<\/p>\n<p>Here is an example that can be embedded into a web site.<\/p>\n<p><a href=\"https:\/\/gist.github.com\/windows98SE\/cc024ffb4cf501358edc\">https:\/\/gist.github.com\/windows98SE\/cc024ffb4cf501358edc<\/a><\/p>\n<p>I have embedded this hash algorithm into this page.<\/p>\n<p><a href=\"https:\/\/www.trustyetc.com\/password\">https:\/\/www.trustyetc.com\/password<\/a><\/p>\n<p>When I use Yahoo for the Site URL and Secret1 for the Master Password, the resulting hashed password is<\/p>\n<p>6D97cDf17270<\/p>\n<p>Try it yourself.\u00a0 You will get the same hash as I did with this combination.\u00a0 Keep in 
mind, both the URL and the password are case sensitive.\u00a0 Now compare the hashed passwords for Yahoo and Google<\/p>\n<p>6D97cDf17270<br \/>\n62C36b6F50f1<\/p>\n<p>Other than the first digit being the same, there is no similarity between the two hashes.\u00a0 Look at this string of password hashes for Yahoo where Secret1,\u00a0Secret2,\u00a0Secret3, Secret4 and\u00a0Secret5 are used respectively.<\/p>\n<p>6D97cDf17270<br \/>\n692BeDc3Af30<br \/>\n65D98a7D9bF3<br \/>\n48F486d92533<br \/>\n70328C6c69Ba<\/p>\n<p>Even though only one character is changed in my master password, each hash is completely different.\u00a0 This is a property of a good cryptographic algorithm.<\/p>\n<p>So it is safe to use one password on all your sites, as long as you run that password through a good hash beforehand.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I am surprised by the number of people who tell me they use the same password for nearly everything. Even if the password is a strong password, this is still incredibly insecure, and most people do not realize why. 
If &hellip; <a href=\"https:\/\/www.trustyetc.com\/trustyblog\/2018\/09\/03\/i-use-the-same-password-everywhere\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,10],"tags":[379,381,378,380,382],"class_list":["post-1727","post","type-post","status-publish","format-standard","hentry","category-edtech","category-education","tag-crypto","tag-cryptographic","tag-hash","tag-password","tag-security"],"_links":{"self":[{"href":"https:\/\/www.trustyetc.com\/trustyblog\/wp-json\/wp\/v2\/posts\/1727","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.trustyetc.com\/trustyblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.trustyetc.com\/trustyblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.trustyetc.com\/trustyblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.trustyetc.com\/trustyblog\/wp-json\/wp\/v2\/comments?post=1727"}],"version-history":[{"count":9,"href":"https:\/\/www.trustyetc.com\/trustyblog\/wp-json\/wp\/v2\/posts\/1727\/revisions"}],"predecessor-version":[{"id":1737,"href":"https:\/\/www.trustyetc.com\/trustyblog\/wp-json\/wp\/v2\/posts\/1727\/revisions\/1737"}],"wp:attachment":[{"href":"https:\/\/www.trustyetc.com\/trustyblog\/wp-json\/wp\/v2\/media?parent=1727"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.trustyetc.com\/trustyblog\/wp-json\/wp\/v2\/categories?post=1727"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.trustyetc.com\/trustyblog\/wp-json\/wp\/v2\/tags?post=1727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}