As has been mentioned in other articles and Tips & Tricks, we feel that using a Password Manager/Vault is the safest way to store passwords. However, if you’re still on the fence about a password manager due to the worry of a compromised online vault, we suggest “Peppering” your passwords.
“Peppering” is a method of adding a secret “pepper” to a password generated by your password manager before signing in to an account. Let’s say you want to log in to your bank account. First, take the complex and unique password your password manager recorded in the vault (we will use 7rWGcc4$LK*D@@29N8). Second, add the “pepper” to the end of 7rWGcc4$LK*D@@29N8. If your “pepper” is GoBraves, your bank account password is now 7rWGcc4$LK*D@@29N8GoBraves. Third, log in to your bank account. Once a password is “peppered”, you must add the “pepper” to the end of the stored password before you can log in to that website. Without the “pepper”, your login will fail.
“Peppering” your password will protect against potential breaches of password managers, because the complete password isn’t stored in the manager. If your password manager is hacked, cyberthieves can recover the stored portion of your bank account password, 7rWGcc4$LK*D@@29N8, but they won’t be able to log in to your account, because they don’t know to add the “pepper” of GoBraves.
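To avoid complexity, use one consistent pepper and apply it to your most important accounts, like email or banking. Note in your password manager which accounts are “peppered”, but do not record the pepper itself there, since the protection depends on the complete password not being stored in the vault.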
“Peppering” won’t replace multi-factor authentication (MFA) layers on your password manager or other accounts. Rather, it offers another layer of protection should someone make their way past your MFA and get into your vault.