Old Passwords

I went into my password vault the other day to retrieve a password.  For the application in question I had noted in the comments “old password may be ________”.  I’m not sure why I felt the need at some point to record a previous password.  This is terrible opsec practice to leave old passwords lying around.  Ask yourself, how many folks do you think use old passwords as seeds for new passwords?

monkey12 -> monkey123

password! -> password!!

mommieOct06 -> MommieDec08

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s