Since the topic of salting your passwords was such a huge hit, I figured I should go into more detail on how to do it.
How To Salt Your Passwords In Your Password Manager
When signing up for an account, use your password manager to generate a random password.
Before you press the sign up button, add your salt to the end of the generated password.
My salt is “bacon.”
When you store the password in your password manager, leave out the salt: the vault entry holds only the random part.
If you want, add a reminder in the notes field that you use a salt for that password.
When you log in to the website, have the password manager autofill the password it has stored, then type the salt after it before pressing the login button.
If for some reason your password manager's vault is breached, the real password is not exposed: the attacker gets only the random part and would still have to guess your salt and where you put it.
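The steps above as working code, written for this post as an added example rather than taken from any password manager: a generator standing in for the manager's own, a helper that puts the salt at a consistent position (end, start, or a fixed index), a vault entry that stores only the random part plus a reminder note, and the login-time reconstruction. The function and field names are my own choices, and the stored passwords in the demo are constructed for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=20):
    """Random password, standing in for the manager's generator (assumption: CSPRNG-based)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def apply_salt(stored, salt, position="end"):
    """Combine the vault's random part with the memorised salt.

    position is "end", "start", or an integer index into the stored part.
    Whatever you pick, use it the same way every time, or login breaks.
    """
    if position == "end":
        return stored + salt
    if position == "start":
        return salt + stored
    if isinstance(position, int):
        if not 0 <= position <= len(stored):
            raise ValueError("salt position lies outside the stored password")
        return stored[:position] + salt + stored[position:]
    raise ValueError("position must be 'end', 'start' or an index")


def make_vault_entry(site, username, stored, salted=True):
    """What actually goes into the password manager: the random part and a reminder note."""
    return {"site": site, "username": username, "password": stored,
            "notes": "salt" if salted else ""}


def login_credential(entry, salt, position="end"):
    """What you submit to the site: autofilled random part plus the salt, if the note says so."""
    if entry["notes"] != "salt":
        return entry["password"]
    return apply_salt(entry["password"], salt, position)


def entry_reveals_salt(entry, salt):
    """Sanity check: a correct vault entry must not contain the salt anywhere."""
    return salt in entry["password"] or salt in entry["notes"]


if __name__ == "__main__":
    salt = "bacon"                      # memorised, never stored
    random_part = generate_password()   # what the manager generated
    entry = make_vault_entry("example.com", "alice", random_part)
    submitted = login_credential(entry, salt)
    print("stored in vault :", entry["password"])
    print("typed at login  :", submitted)
    print("vault leaks salt:", entry_reveals_salt(entry, salt))
```

Note that `entry_reveals_salt` is the check worth keeping: if it ever returns True, the "breached vault does not expose the real password" property from above no longer holds for that entry.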
What Salt Can You Use?
A salt can be any string you choose, placed anywhere in the password you choose.
You can pick a random word, a phrase, or even a password you used before (just not one that has already shown up in a breach).
You can put the salt at the end, at the beginning, or at a fixed spot in the middle.
Whatever you do, be consistent across the passwords you salt, or you are only overcomplicating things for yourself.
What Passwords Should You Salt?
Please do -not- salt all your passwords!
Only salt the most important passwords like the ones for your email or banking accounts.
Salting all your accounts will make your life harder than it needs to be.
Why Salt Your Passwords?
I’ve found people have a hard time trusting password managers. They fear putting “all your eggs in one basket,” which is actually a good thing, as explained here.
The real goal is to keep people from reusing passwords or using super weak ones. The only way I’ve found to do this is with a password manager, but that creates a new problem of trust. I feel the act of salting your password solves the issue of trust with password managers that many people have. (Strictly speaking, what I’m calling a salt here is a secret you never store, which is closer to what cryptographers call a pepper; a real password-hashing salt is a random value kept next to the hash. The name is just shorthand.)
With the salting method, there is no excuse not to use a password manager.
FAQ – Questions I Get About Salting Passwords
What If I Forget My Salt?
I suggest you write down your salt and the master password to your password manager and keep that somewhere safe. I go over why it’s crucial to write down your master password.
You can also make your salt a “security question.” So in the notes section of the login instead of merely saying “salt” you can ask yourself a question only you would know the answer to. Something like “What’s the name of your least favorite movie” and the answer can be the salt.
Another way to help you remember the salt is to keep a note in your password manager that contains the salt word. Make the salt the first word so you don’t forget it, or find other ways to make it stand out to you. Keep in mind that this puts the salt back inside the vault, so a breach of the manager would hand over both halves; it trades some of the protection for convenience.
You could get overly complicated and indicate the salt by its word number in the note, placing that number in the notes of the login. A 3 in the notes of the login would mean the salt is the third word in the one note that only you know about. I would not go to this extreme; it’s better to keep it simple.
Can I Use The Websites Name For The Salt?
I would suggest you don’t, because that is easy to figure out, especially for someone who already has your vault and can see which site the entry belongs to. Stick to a random word or really anything else.
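To show why a site-name salt is a bad idea, here is an added example (my own code, not something the post or any product provides) of what an attacker who holds your vault entry and a leaked password hash from the site can do. The hash function, the list of guesses and the sample credentials are all constructed for the example; a fast SHA-256 stands in for whatever the site really uses, which only makes guessing faster, not possible.

```python
import hashlib


def site_hash(password):
    """Stand-in for the breached site's stored password hash (assumption: plain SHA-256)."""
    return hashlib.sha256(password.encode()).hexdigest()


def site_name_guesses(site):
    """Salts an attacker would try first when they suspect you derived it from the site name."""
    base = site.split(".")[0]
    return [base, base.capitalize(), base.upper(), site, base + "1", base + "!"]


def recover_salt(stored, leaked_hash, candidates):
    """Attacker model: knows the vault's random part and the site's hash, guesses the salt.

    Tries each candidate at the end and at the start of the stored part.
    Returns (salt, position, attempts) on success, or (None, None, attempts).
    """
    attempts = 0
    for guess in candidates:
        for position, combined in (("end", stored + guess), ("start", guess + stored)):
            attempts += 1
            if site_hash(combined) == leaked_hash:
                return guess, position, attempts
    return None, None, attempts


if __name__ == "__main__":
    stored = "p5!kR2vQ9m"          # random part sitting in the (stolen) vault
    site = "example.com"
    for salt in ("example", "bacon"):
        leaked = site_hash(stored + salt)   # what the breached site leaked
        print(salt, "->", recover_salt(stored, leaked, site_name_guesses(site)))
```

With the site name as the salt the attacker recovers it on the first guess; with an unrelated word the same short guess list fails and they are back to a full dictionary attack on the salt alone, which is the position you want them in.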