undefined | Better HN

0 pointsbcrosby954y ago0 comments

My #1 priority is a manager that my family can easily figure out how to use it. The alternative is easily hackable passwords.

0 comments

7 comments · 1 top-level

smoldesu4y ago· 6 in thread

Which is easier to use: LastPass or CorrectHorseBatteryStaple?

function_seven4y ago

LastPass (or password managers in general).

CorrectHorseBatteryStaple will fail for a lot of sites. It doesn't have special characters, it's too long, it doesn't have numbers, it contains dictionary words, etc.

And you still have to remember the unique phrase you chose for each site. If you have a couple dozen logins, can you remember 24 different phrases? What about when a site forces you to change your password?

mttjj4y ago

A password manager. A much as I like CorrectHorseBatteryStaple, it would be impossible to use on every account I have (hundreds). I use CHBS for the few (5 at most) accounts that I log into all day, every day. Everything else gets a long, random string of garbage and stored in my password manager.

kingnothing4y ago

LastPass, unless you're able to memorize 200 different unique, complex passwords. Using a password "scheme" per site (like CorrectHorseBatteryStapleHN, CorrectHorseBatteryStapleReddit) is not safe.

otherme1234y ago

This happened to me: I forgot a password (site was ThompsonReuters, so not a tiny company we-dont-know-better), and requested a restore via email. The mailed me the password in plain text: "Your password is CorrectHorseBatteryStaple, you can change it at url.com/change".

So imagine you use CorrectHorse, and some site stores passwords in plain text or weakly hashed, and then the DB is compromised (if they do badly the storage, chances are the DB is also weak), and boom, a cracker has your email, password, and the name of your first pet.

But if I use KeepPass, I don't care if my password leaks from that site or the other, or if they store in plain text. That password is only used in one site.

admax88qqq4y ago

LastPass

Cause most services still require arcane rules like "must have a number, an upper and lowercase letter, and 2 symbol but not on Thursdays"

mrtranscendence4y ago

I use the CorrectHorseBatteryStaple format, but with a short string of digits/symbols at the end to satisfy picky rules. This generally seems to work. But since I use a different password for every website I don't see how I could not use a password manager of some sort ... making passwords easier to type and remember doesn't mean I'm going to remember them all.

j / k navigate · click thread line to collapse