Interview With a Hacker: Rachel Tobac Tells You How to Defend Yourself From...Well, Her! - Dashlane Blog
https://blog.dashlane.com/interview-hacker-rachel-tobac/
@voltronic *twitch* Salting passwords with a thing in your head is basically explaining you have no idea what salting is ...
Also that's just two-factor: something you have and something you know .. the pw in your vault + the add.
Thirdly, just use a password manager and remember one awesome password. When average people have to worry about PW managers (not browser stores) we will have something new to give them
@willsecurity
I know that's not what salting really is, and I'm 100% sure Rachel knows as well. If you read the piece, she puts "salting" in quotes for lack of a better term for it. She was suggesting adding this extra layer (which you correctly identify as MFA) for people paranoid about their master password being cracked. Is it necessary? Probably not, but it would make things just a bit tougher.
Personally, I have Authy backing up my Bitwarden password, and that's good enough for me.
@voltronic Google Auth + Yubikey :)
@willsecurity
I still haven't made the jump to FIDO keys. Someday.
@voltronic doesn't really give much away
as for passwords I use a manager to strengthen but come up with my own passphrases instead of the password manager generating it for me
on occasion I will generate one but always go back to change it to a passphrase I come up with
good article/story though
@voltronic great interview, now I think social engineering is one of the attacks we don't expect, a friendly conversation can be essential in the attack.
^ The last section where she recommends salting passwords stored in your password manager with a part only stored in your head is brilliant yet simple.
Has anyone used the Abine DeleteMe service she recommends? I'm familiar with their Blur product.