undefined | Better HN

0 pointssmilliken13y ago0 comments

What would you recommend instead? If you insist people remember all of their passwords in their head, you'll end up with them using the same password for everything.

0 comments

4 comments · 1 top-level

purephase13y ago· 3 in thread

I think the most common is you have a single password, but you hash it with the name of the service you're logging into.

For example, if you're password is "puppy" and you're signing-up for HN, your password would be:

pHuApCpKy

And, if you wanted to make it stronger, salt it with some special characters.

p~Hu!Ap@Cp#Ky$

... which is just the shift-characters on a number row in order.

This way, you only have to remember one password, and it is service specific, and pretty strong. No password manager needed.

Of course, I don't do this. I use a 1Password and KeepassX.

GhotiFish13y ago

I like the idea of hashing off a root word + site. I'd rather have the browser do it for me though, and I don't think there's anything on the page itself that I could depend on to hash with. Maybe the domain?

To be honest, firefox has an encrypted database of site-passwords. What's wrong with that?

icebraining13y ago

I have a system like that, that takes a master and the domain. The advantages over the Firefox password manager is availability and not having to worry about backups. Since I know the algorithm, I can recreate any password using widely available tools.

tlrobinson13y ago

http://cynix.org/tools/superpwdhash

http://supergenpass.com/

https://www.pwdhash.com/

j / k navigate · click thread line to collapse