What's The Name of This Password Management Technique and is it a Good Idea?

Edit: We're gonna go with 'peppering'-ish. Thanks @anes!

I don't remember who told me this, but the idea was this: when creating a login using a password manager such as BitWarden, KeePass or LastPass, generate a password as usual, but add a word to the end of it that you do not save inside the password manager. For example:

Generated Password: "6JxDnak7bVojkXHNdGsm8U"
Password for the login: "6JxDnak7bVojkXHNdGsm8U" + "monke"

You add this word to the end of all your passwords, but again, you do not save the word in the manager.

It seemed interesting, but I just can’t find what it was called and if it was a good idea. The recent Uber hack reminded me of it, but I doubt it would’ve helped in that particular case.

On the surface it seems nice. The major positive of password managers is that you don’t need to remember hundreds of passwords for just as many sites.

But, if somebody gets in, they have access to everything, and can see everywhere you have an account. Depending on what you store in the manager it could be quite devastating if a bad actor got access.

However, this does mean each time you log in you have to type in the extra word. In addition, not only would you need to remember the master password, you would also need this mini-master password.

By having this extra key, the bad actor would only know about everything you have an account for, which is still bad, but couldn't access any of them, as they wouldn’t know what word you add to the end of all your passwords.

Then again, if someone has already compromised your master password, you may not be safe from having your mini-master password compromised as well.
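The trade-off above, as an added example that is not part of the original post: a small Python model of what stays secret when the vault is read and when a full login password leaks. The two extra vault entries, the site names, the 62-symbol generator alphabet and the 7776-word list size are assumptions made for illustration.

```python
import math

# Constructed sample vault; the first entry and the word are the post's example.
VAULT = {
    "mail.example": "6JxDnak7bVojkXHNdGsm8U",
    "shop.example": "Qp3vT9wLzR2mYc8HsK5nBd",
    "bank.example": "hN7cXe4ZtW1qVu6JoM9yLg",
}
SUFFIX = "monke"  # never stored in the vault


def login_password(site, suffix=SUFFIX):
    """What the site actually receives: vault entry + unsaved word."""
    return VAULT[site] + suffix


def random_bits(length, alphabet_size):
    """Entropy of a uniformly random string of `length` symbols."""
    return length * math.log2(alphabet_size)


def accounts_exposed(vault_read, leaked_sites):
    """Return the set of accounts exposed.

    vault_read   -- the vault contents are known to someone else
    leaked_sites -- sites whose full login password has leaked
    """
    exposed = set(leaked_sites)
    if not vault_read:
        return exposed  # generated parts differ per site, so no spill-over
    for site in leaked_sites:
        # The same word ends every password: one leaked login compared with
        # its vault entry gives the word, and the word completes every entry.
        word = login_password(site)[len(VAULT[site]):]
        exposed |= {s for s in VAULT if login_password(s) == VAULT[s] + word}
    return exposed


if __name__ == "__main__":
    # Assumptions: 62-symbol generator alphabet; word drawn from a 7776-word list.
    print("generated part:", round(random_bits(22, 62)), "bits")
    print("word alone    :", round(random_bits(1, 7776), 1), "bits")
    print(accounts_exposed(True, []))
    print(accounts_exposed(True, ["shop.example"]))
```

Once the vault is read, the only secret left is the word, so its strength and the fact that it is shared across every site decide how much protection remains.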


Still, it seemed like a fun idea. Depending on where I post this, there may or may not be a comment section, but please let me know if this is a thing, and if it is a thing what it’s called, and if it’s a good thing, bad thing, or neutral thing.

I've unfortunately restricted my knowledge of cybersecurity to the yearly company multiple-choice test that always seems to feature a picture of a person wearing a balaclava mask, indoors, with a laptop that doesn’t have dark mode on.

Thanks for reading, I'll update this post if/when I can.