undefined | Better HN

0 pointsjeremysmyth10y ago0 comments

Hmm, did I use "hacker news" or did I use "ycombinator" or did I use "news.ycombinator" or....?

You have to be specific when you pick the algorithm if it's to work the way the author suggests, and preferably something that is not easily shifted, such as the domain name and not the site's title.

0 comments

5 comments · 2 top-level

wingerlang10y ago· 3 in thread

As someone who has used passwords based on the website names for a long time, this has been an issue maybe 3 times, in total.

jjoonathan10y ago

How long is "a long time"? Because over the year or so I gave sitename-passwords a try it popped up as an issue way more than 3 times, even after I started ignoring subdomains and instituted rules about always trying to use the main domain for big companies. There are tons of systems out there that use cross-domain (notably both of my banks and both of my schools), hidden-domain (i.e. log into an app or device where the parent domain isn't immediately obvious), or changing domains. Of course, these issues were nothing compared to trying to remember all of the variations I added to sate the enormous variety of conflicting password requirements (especially novelty requirements and passwords you don't get to choose).

I was in complete denial about how bad the situation was until I encountered some light teasing from acquaintances who didn't even know me that well -- just well enough to know I couldn't ever remember my passwords. I started keeping tick marks on my calendar and found a ~75% success rate, although the 75% was composed of the handful of logins I used every day and the 25% was "everything else" so the reality was that the password derivation system was failing for a strong majority of passwords.

I gave up and started using lastpass. No regrets, but many positive surprises: that time their network was breached but it didn't matter because they didn't use shit encryption, the automated password reset feature for big-profile leaks (they give you a "todo" list which is often as simple as clicking a single button next to each item), the ability to easily store serial numbers, "verification questions", and other nonsense, a general lack of guessing passwords several times before success, and an ability to dramatically up the cross-entropy of my passwords.

I might move from lastpass to a physical repository some time. But I am never, ever going back to a password derivation scheme.

I wish you luck. Or an eidetic memory. You'll need it.

wingerlang10y ago

I've used it for probably 6-8 years now, first memory of the base password is well around 10 years.

It is not very strong, I don't have some lookup table or complicated stuff just some small variations for each site.

I've started using 1Password as of late though, but that's mainly because I sometimes want to store notes and whatnot for websites and this makes that convenient.

taco_emoji10y ago

I use KeePass + Dropbox across Windows, Mac, and Android.

jordanwallwork10y ago

Yeah I did mull over whether to use news.ycombinator, but I call it hacker news so that's what I went for - I can't really think of a website that I have multiple names for, so not sure that'd confusion over the name would really be much of an issue

j / k navigate · click thread line to collapse