For my last tech tip I talked about using a password manager. If you’re still on the fence about a password manager because you worry about a compromised online vault, I’ve got a solution for you. “Pepper” your passwords.
“Peppering” is a method of adding a secret “pepper” to a password-manager-generated password before signing into an account. Let’s say you want to log into your bank account. First, take the complex and unique password your password manager recorded in the vault (we will use ghX5$78yuPLk789tu). Second, add the “pepper” to the end of ghX5$78yuPLk789tu. If your “pepper” is highfive, your bank account password is now ghX5$78yuPLk789tuhighfive. Third, log in to your bank account. When you “pepper” your password, you must add the “peppered” part to the end of your password before you can log into a website. Without the “peppered” part of the password, your login will fail.
“Peppering” your password will protect against potential breaches of password managers, as the complete password isn’t fully stored in the manager. Cyberthieves can recover your bank account password ghX5$78yuPLk789tu if your password manager is hacked. But they won’t be able to log in to your account, because the cyberthieves don’t know to add the “pepper” of highfive.
Use one consistent pepper and apply it to the most important accounts, like email or banking, to avoid complexity. Note in your password manager which accounts are “peppered”.
“Peppering” won’t replace multi-factor authentication (MFA) layers on your password manager or other accounts. Rather, it offers another layer of protection should someone make their way past your MFA and get into your vault.