Consider a computer with only 1 user, but 3 passwords:
- 1 for Full Disk Encryption (FDE)
- 1 for a user account without administrative rights, which would be the account the user uses every day
- 1 for an administrator user account, which would only be used when programs require elevated privileges

I was thinking about a Windows computer with BitLocker, but the question could also apply to other FDE solutions (e.g. TrueCrypt/VeraCrypt), or even other operating systems (Linux, macOS, ...).
Of course, using 3 different passwords would be ideal in terms of security.
However, using a password manager isn't really possible for these passwords.
So, what are the security implications of using the same password for these 3 use cases?
I can think of the following risk: the FDE password is normally pretty safe against software keyloggers (I think); however, the user account password and the admin account password aren't.
Are there other risks?
Alternatively, if using 2 different passwords, which one should be different from the other 2?
I'd say the one used for FDE should be different. It seems acceptable to have the same password for the user account and the admin account (provided there's only 1 user), in the same way sudo asks for the user's password (and not a root password) on Linux systems.