
What would you recommend instead? If you insist people remember all of their passwords in their head, you'll end up with them using the same password for everything.


I think the most common is you have a single password, but you hash it with the name of the service you're logging into.

For example, if your password is "puppy" and you're signing up for HN, your password would be:

pHuApCpKy

And, if you wanted to make it stronger, salt it with some special characters.

p~Hu!Ap@Cp#Ky$

... which is just the shift-characters on a number row in order.

This way, you only have to remember one password, and it is service specific, and pretty strong. No password manager needed.

Of course, I don't do this. I use 1Password and KeePassX.


I like the idea of hashing off a root word + site. I'd rather have the browser do it for me though, and I don't think there's anything on the page itself that I could depend on to hash with. Maybe the domain?

To be honest, Firefox has an encrypted database of site-passwords. What's wrong with that?


I have a system like that, that takes a master and the domain. The advantages over the Firefox password manager are availability and not having to worry about backups. Since I know the algorithm, I can recreate any password using widely available tools.
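The two approaches discussed in this thread, side by side, as an added example that is not code from any commenter: the manual interleaving from the "puppy" comment, and a master-plus-domain derivation of the kind the last two comments describe. The function names, the use of PBKDF2-HMAC-SHA256, the iteration count and the output length are assumptions; the thread does not say which algorithm anyone actually uses.

```python
import base64
import hashlib


def interleave(master: str, service: str) -> str:
    """Manual scheme from the thread: letters of the service name,
    upper-cased, slotted between the characters of the master password."""
    letters = [c.upper() for c in service if c.isalpha()]
    out = []
    for i, ch in enumerate(master):
        out.append(ch)
        if i < len(master) - 1 and i < len(letters):
            out.append(letters[i])
    return "".join(out)


def exposed_master(site_password: str) -> str:
    """Risk check: when the service name fills every gap, every other
    character of an interleaved password is the master itself, so a
    single leaked site password discloses the secret for all sites."""
    return site_password[::2]


def derive(master: str, domain: str, length: int = 16,
           iterations: int = 200_000) -> str:
    """Deterministic per-site password from master + domain.
    Assumed construction: PBKDF2-HMAC-SHA256 with the lower-cased
    domain as salt; the slow KDF makes guessing the master from one
    leaked output expensive, and the output is not reversible."""
    salt = domain.strip().lower().encode("utf-8")
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              salt, iterations, dklen=32)
    # URL-safe base64 yields letters, digits, '-' and '_'.
    return base64.urlsafe_b64encode(key).decode("ascii")[:length]


if __name__ == "__main__":
    # Constructed inputs: "puppy" is the thread's own sample master.
    manual = interleave("puppy", "Hacker News")
    print(manual, "->", exposed_master(manual))
    for site in ("news.ycombinator.com", "example.com"):
        print(site, derive("puppy", site))
```

Either scheme still fails completely if the master is guessed, and a derived password cannot be rotated for one site without adding per-site state such as a counter.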




