Hacker News new | ask | show | jobs
by throwawaysnipe 5209 days ago
"Humans weren't meant to do that."

You sound rather defeatist for someone who's on Hacker News. Here's a tip. Create a pattern of sorts, example follows:

    1. Choose a keyboard sequence: say qwerhjkl
    2. Pick 1 < 5 < N.  Use the first N characters of the site/service, followed by N.  npm3qwerhjkl
You now have multiple passwords with an easy mnemonic. The above example may be too obvious a pattern to crack, so come up with a better one.
1 comments
HCIdivision17 5209 days ago
Hear, hear.

There are so many ways you can do this. It's fast, easy, yet completely unintelligible to a human. My personal favorite is to convolve it with a spatial pattern, like typing the password out in Dvorak while using qwerty. Or use each finger in sequence, with each finger taking a choice of the four keys near it depending on where the site name's letters are (i.e. ycombinator = 1xefmko.qwe).

I find it also helps to have three standard versions - a standard that may contain special characters, one that is guaranteed not to, and second that acts as a fail-safe in the event the password has tight length or character constraints.

It only sounds convoluted - the rules are simple and easy to memorize, and damnably difficult to see a pattern in outside of brute-forcing.

link
Danieru 5209 days ago
I disagree.

Once you've broken dictionary attacks I think the next goal should be to increase length as easily a possibly.

Personally I prefer a standard prefix/postfix with with a variable competent generated from the site name or url.

This allows you to use different standard substings for different sites depending on their importance. Since the substring can include the dictionary breaking portion you are free to use less complicated generation patterns for the variable part.

The end result should be longer passwords.

link