Extra random work/characters/salt concat in the password input field?

[ysk3a]

Thank you keepassxc team for creating this. i have tried to make strong password and storing it securely a more common practice.
This is just an idea that came to mind randomly while using keepassxc and I'm not sure if Keepassxc has this feature or not but I thought it would be cool to have some small extra feature for automatic concat of random words/characters in the password field. Lets say I use the password generator or enter my own password into the field, on save it would concat randomly extra random words or characters to the original password so that if some third party were to somehow see the password or have access to the db, the 1st automatic assumption is that when 'viewing' the password you see the seemingly gibberish password but in reality the real password is in between the gibberish and only the owner would know what part is the real password.

[droidmonkey]

Testing your password would take 10 attempts, say I wrote 10 gibberish characters to the front or back or split. I just remove a character at a time until it works. This does not improve security.

[GitHubinatrix]

[...]
I just remove a character at a time until it works
[...]

But not every site / service will give you unlimited attempts, righ?

[ysk3a]

[...]
I just remove a character at a time until it works
[...]

But not every site / service will give you unlimited attempts, righ?

thank you for the reply!

as GitHubinatrix said, this is what i also thought as well. I'd assume most sites would have some rate limiter to limit sign in attempts. not a lot but some even rate limit totp.

it is not a needed feature but just thought it would a cool thing to have and thought it would be an interesting discussion.

i guess i could concat 'extra password' to the original password but i would need some way to remember which part is concat or not 😅 since as of now, it would just copy the whole password when clicking on 'copy password' or 'auto type'.

[GitHubinatrix]

[...]
I just remove a character at a time until it works
[...]

But not every site / service will give you unlimited attempts, righ?

[...]

this is what i also thought as well. I'd assume most sites would have some rate limiter to limit sign in attempts. not a lot but some even rate limit to

Wait- what I wrote does not really apply here

Because even if number of attempts was counted and subtracted from allowed number of them, what would stop attacker from coping the file and working on unlimited number of exact copies of database file?