You don't need 50 unique bits of entropy for every one of those accounts. Memorize 10 25-bit passwords, for each account combine two of them, now you have 100 unique 50-bit passwords and you only need to remember 250 bits (technically 257 because you need to remember which combo goes with which), roughly the entropy of a long sentence. It might not be secure if someone has already hacked enough of your accounts to work out your pattern, but if you have dozens of accounts with different logins simultaneously compromised, that's on you.
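The trade-off in the comment above, worked through as an added example (not part of the original comment): it counts the bits to memorize and how much entropy each remaining account keeps after some accounts leak. It assumes the 100 combinations are ordered pairs of the 10 chunks and that an attacker who sees a leaked password can split it into its two chunks; all names are illustrative.

```python
import math
from collections import Counter
from itertools import product

N_CHUNKS = 10      # memorized sub-passwords (from the comment)
CHUNK_BITS = 25    # entropy of each one (from the comment)

# Assumption: an account's password is an ordered pair of chunk indices,
# which is what gives 10 * 10 = 100 combinations.
ACCOUNTS = list(product(range(N_CHUNKS), repeat=2))


def memorized_bits():
    """Chunk entropy plus the bits needed to recall which combo an account uses."""
    return N_CHUNKS * CHUNK_BITS + math.ceil(math.log2(len(ACCOUNTS)))


def residual_bits(account, known_chunks):
    """Entropy left for one account once some chunks are known to an attacker.
    A chunk that appears twice in the pair only counts once."""
    return CHUNK_BITS * len(set(account) - known_chunks)


def exposure(leaked):
    """Histogram {residual bits: number of accounts} over the accounts that
    were not themselves leaked."""
    known = {chunk for account in leaked for chunk in account}
    leaked_set = set(leaked)
    return Counter(residual_bits(a, known) for a in ACCOUNTS if a not in leaked_set)


if __name__ == "__main__":
    print("bits to memorize:", memorized_bits())
    one = [(0, 1)]                                   # constructed sample leak
    five = [(0, 1), (2, 3), (4, 5), (6, 7), (8, 9)]  # constructed sample leaks
    for label, leaked in (("1 leak", one), ("5 disjoint leaks", five)):
        print(label, dict(sorted(exposure(leaked).items())))
```

Under these assumptions a single leaked account already drops 40 other accounts to 25 bits, and five leaks that happen to cover all ten chunks leave nothing for the remaining 95.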

I've got maybe 10 accounts that I really care about keeping secure - things like my bank and such where if someone got a hold of my account it would be a tough mess to sort out. Each of them has a unique password. But for most services I have login credentials for, I am not actually giving them any sensitive information. While I now use a password manager for these, before I just had a simple system for altering an otherwise standard set of passwords. It's not too hard to remember redd1t[standardsecurepassword], h@ckernews[standardsecurepassword], p0rnhub[standardsecurepassword], etc., but as far as some random attack script is concerned these are all extremely unique and secure. If a human were specifically looking at it they could easily figure out the pattern and make some smart guesses, but even then I already give different emails to different accounts so I can tell who is selling my email addresses to spammers, and I had a few different secure passwords that I'd rotate, so only a tiny fraction would actually be in jeopardy. And again, there's nothing of value to be gained by hacking into these accounts. Overall I had maybe 15 genuinely unique passwords to remember, hardly a herculean feat. Now with the password manager, I still don't use it for my sensitive accounts, so I have like 8 passwords to remember; a relatively minor improvement.