> I've never required a password manager, maybe I'm just good at remembering passwords.
How is this possible? I must have at least 50 passwords I use with some regularity and many more I use once a year or so. All my passwords are at least 16 characters long and totally random. Are you able to remember that without compromises like repeat passwords or patterns used for generating them (including website name in password or similar)?
If you can remember your passwords I have a strong suspicion that you’re using weak passwords and/or re-using them. All my passwords are 12+ (whatever the site max is) random alphanumeric+symbols and don’t get re-used across sites - there is no possible way I could remember them all.
Using a quick back-of-the-napkin calculation, you get roughly this amount of entropy from 1Password's wordlist when compared to random alphanumeric strings [a-zA-Z0-9]:
- 5 words ≈ 12 chars
- 6 words ≈ 14 chars
- 7 words ≈ 17 chars
- 8 words = 19 chars
If we take 5 words as the minimum you'd want to use on a web service:
- halvers persia dutiful manes party
- append medalist society duke disobey
- acoustic halo assuage upkeep dexter
- area theist motile align trespass
As a non-native English speaker (which should be obvious from my strained speech), I'd say it's rememberable enough.
I’m sure we won’t talk you out of this, so I won’t try.
Anyone else reading this: do not just remember your passwords. Unless you’re Lord Nikon, if you can remember more than a handful of passwords, it’s because they’re weak enough to be memorable. Or worse, used in more than one place!
My 1Password has 1000 passwords/license keys/SSH keys/API keys stored for me, along with the associated username + 2FA code. There's no way I'm going to be able to remember more than a handful of those.
> And why would you even trust a cloud based product.
1Password's security model sounds pretty reasonable to me. The convenience of having my passwords backed up and synced to my devices is worth the tradeoff in security in my case.
And why would you even trust a cloud based product. If I can't see the hosted source code storing the password then I'm not trusting it regardless.