Reply to post: Re: We encourage all customers not to use the same password for multiple sites

Transport for London Oyster system pulled offline after credential-stuffing crooks board customers' accounts

Oh Matron!

Re: We encourage all customers not to use the same password for multiple sites

This is easily fixable, but only if websites support it.

rather than use: bob@bob.bom, Where websites support it, I use bob+fhfggdh@bob.bom (I think you can use underscore to perform the same task)

I started originally using bob+websitename@bob.com but realised that was easily exploitable.

Of course, you can use a password manager and different password per website too to reduce to attack surface even further

Of course, you all know this, but...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2019