Hacker News
by MrUnknown 4349 days ago
I used to use something like this, then you realize, it won't work for 50% of the sites out there as you can't customize how the passwords are generated.

Can't use special characters? Must use a special character? Can use $%^& but not * ?

Amex has a limit of 8 characters, how many does this generate? I want to use more than 8 for most sites, how do I do that? etc.

The JavaScript bookmarklet let me change these settings, but then I had to remember them for each site that had custom settings.

I just switched to KeePass, fixed all of that.

2 comments

Yup, sites that impose their own password restrictions, with the intent of strengthening passwords, that actually serve to weaken them, have a lot to answer for.
You can add a standard string to all passwords, for example "Ab1#", so that it satisfies like 99% of sites. You do get in situations where you have to remember some more information, but this can mostly be written down.
"You do get in situations where you have to remember some more information, but this can mostly be written down."

That boils down to "this idea won't work"; "writing down my passwords" is the exact failure case we're trying to get away from. And I don't have that problem with LastPass.

The name of the game isn't to try to make this idea work at all costs. The name of the game is to find the best way to manage passwords. It's important not to lose sight of that in the argument. (If you look around, you'll see this particular cognitive problem come up a lot in engineering... never lose sight of the overall goal no matter how far into the trees you go.)

Unfortunately, at least a dozen iterations of this idea have come to my attention, to say nothing of who-knows how many hundreds or thousands of implementations of this basic idea there are, and they haven't succeeded because they really don't work in the real world.

If I write it down, I will lose it. I do have some passwords that follow a specific pattern that I can remember easily for sites I might need to access outside of having KeePass on a machine (haven't put it on my phone).

I love this idea, I hate having to have an actual database to keep after and secure, and I wish it could be done in a way that wouldn't require that, but sites have too many variables for passwords that for me, literally, this wouldn't work on sites I use every day.