by andrewfong 1017 days ago
I tried that but it's just really hard to keep up over time -- e.g. I used a rule based on the domain name but domain names change somewhat often. Toss in things like "ugh, which of my three emails did I use on this site" or "which high school teacher did I say was my favorite for this site" and it ends up being a big hairy mess that screams for an encrypted place to stick my notes.

Also, what I consider "non obvious" isn't that non-obvious. Given enough of a sample size, a committed attacker can guess a lot of rules. And if the prize (a crypto wallet) is big enough, they might be motivated enough to give it a go.

2 comments

Also when there's a breach and you need to change your password, you have to make an exception to your rule. And remember it for that specific site.
If the domain name, company name or whatever changes, you can change your password too. Also, it doesn't have to be domain names though.