Additional 4 characters on passwords

BNNatale
BNNatale
Community Member
in Lounge

I saw an article suggesting adding 4 extra special characters to passwords. The passwords that are saved by 1pass are populated in the site you're going to, then you add your extra 4 to complete it and sign in. It gives your online activity extra security in case the cloud storage is hacked.
Is this possible with 1pass ?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @BNNatale!

    Perhaps I am misunderstanding: are you suggesting to store just a partial password inside 1Password, and manually type another part whenever you login to any website?

  • [Deleted User]
    [Deleted User]
    Community Member

    @ag_ana I think @BNNatale is talking about password peppering.
    https://passwordbits.com/salting-passwords/
    Its intended to protect against the compromise of a password manager and I sometimes suggest it to people who are concerned about "putting all their eggs in one basket". However, I have not tried using it with 1Password.

  • ag_ana
    ag_ana
    1Password Alumni

    @rootzero:

    Agreed, I think that's it too. In that case, to answer the original question:

    Is this possible with 1pass ?

    It is indeed possible, since the additional part of the password would not be stored in 1Password, and would have to be entered manually, so 1Password does not even know it exists (which is the entire point of the theory, I suppose).

  • BNNatale
    BNNatale
    Community Member

    thanks for the verification.

  • ag_ana
    ag_ana
    1Password Alumni

    You are very welcome @BNNatale :+1:

  • XIII
    XIII
    Community Member
    edited August 2021

    But what happens when your password manager gets hacked and one of the sites you use as well?

    Wouldn't that reveal your salt (for all entries in the password manager)?

  • [Deleted User]
    [Deleted User]
    Community Member

    @XIII I don't think its worth the bother because it doesn't provide much protection for that reason. If you use the same salt for all your passwords and over time a few of your sites get compromised then you need to change all your passwords for the salt to still be useful. This works against the benefits of a password manager and greatly reduces the convenience.

  • ag_ana
    ag_ana
    1Password Alumni

    @XIII:

    But what happens when your password manager gets hacked and one of the sites you use as well?

    I think the whole point of the theory is that if your password manager gets hacked, that's all you need, while the additional characters only come from somewhere else so the hack of the password manager would not be enough. But like rootzero said, I don't think this is actually worth the effort due the loss of convenience.

This discussion has been closed.