Hacker News new | ask | show | jobs
by vaksel 6079 days ago
The key is to just use a different password on every site by employing a special password structure.

For example, for HN, you can use:

orycPASSWORDy

[2 last letters][2 first letters][master password][1 first letter]

Good idea to mix and match numbers in the master password for added security. So for HN it can be: orycpassword1y

The good thing is that you only need to remember a single password for all your sites, yet they are all different. And if you ever forget a password, you can figure out what it was by simply looking at the url.
2 comments
jackfoxy 6079 days ago
Bravo! How come you don't have more points for this comment? Or am I the only moron who never thought of this?
link
imajes 6079 days ago
at this point there's no real reason not to use a random password generator for _every_ site. There are plenty of apps out there for auto login, and / or most browsers will do this for you. Yes, there's some pain syncing with mobile devices but this will go away at some point (modified oauth to validate devices?).

Password schemes like this are still inherently breakable; as soon as someone gets your key password then the rest is trivial to figure out - so why bother with the complication?

link
jackfoxy 6079 days ago
Because if you really are that important your nemesis will go to a lot more trouble than that to crack your security. Camouflage is about using simple means to hide in plain site.
link
vaksel 6079 days ago
until your computer crashes and you find yourself locked out of every site on the internet. No thank you.

+ what do you do when you aren't using your own computer. Want to check your email at work? Nope sorry, gotta provide the 25 digit randomly generated password.

Nothing is unbreakable, if someone wants your password they'll get it. For the password generator case they can just break into your house and steal your computer. Or organize a group of mercenaries to take hostages at AT&T to gain access to your packets....hey we are talking about a nemesis right?

And here is an added bonus...how do you know that random password generator app isn't sending all your passwords to a master file? Whoa, did I just blow your mind?

Different passwords is all you need for protection. That way if the company loses your username/passwords, the bots that will be using that information to check the passwords on other sites, won't get a hit.

link
imajes 6079 days ago
So, you made all kinds of awesome points that I went thru before i switched to random passwords...

a. (on not having access to your passwords). iPhone with them helps. (yes, i have to unlock that db with my hashing password). But in reality, I prefer that I can't get access to my email/facebook/whatever without having my machine. If i'm at work, I should be working... but it's the same machine anyhow ;)

b. true about stealing my machine. But again, my passwords are locked by my one key control password (which i don't easily remember either... yay for muscle memory ;)). Yes, it's a SPoF.

c. I clarified with Little Snitch. I don't really care that much. Because you're right: if one company screws you over and unveils your passwords, then having a scenario where people could then log into your email or bank means end of identity and a life of credit hell.

I just think that having a predictable password scheme is about the same as having the same password. If it's easy to guess, then you may as well have the same. IMHO, the only way to guarantee against any problems if one of your passwords is exposed is to go random. :)

link