Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Algorithmic passwords. Come up with an algorithm a(website, rules) that you can remember and that generates unique passwords per website. Store the rules (length restrictions, special character restrictions, number of times the password has changed, etc) in a google doc or something. Print out your algorithm on a physical piece of paper and put it in a safe place for after you die and people need to access your accounts. People always poop on algorithmic passwords, but so far no one has hacked my brain and gotten the algorithm unlike all these other cloud-based password managers that keep getting compromised.

Plus, if my phone or my yubikey or whatever is stolen in a foreign country I'm not SoL because the algorithm is in my brain and the rules are public knowledge.



Sounds like a lot of mental work just to log in. Or... Try a self-hosted password manager, or one that generally has a much better reputation?


A self-hosted password manager works for me; I only ever log in with a password from a single machine, so I use a local password manager that is completely unintersted in networks. I don't use a plaintext file, because like most people I have secrets; and because I trust people, not bureacracies (so I don't trust either the police or the government to hold my secrets safely).

That isn't going to work for most people, obviously. Most people want to be able to use their credentials from arbitrary machines. I don't have that requirement.


Mental work vs. physical work, pick your poison. Self-hosted password managers aren't work-free, you have to set them up and get them working across all your devices and maintain them.

When I need to log into Nintendo's eShop from my Switch, I use my algorithm. How does that work for a self-hosted super long random Bitwarden password? I'm guessing I need to bring up the password on my phone or something and manually copy and compare it digit by digit into the Switch which sounds like a lot of work.


Password managers offer plenty of perks. Automatic logins, notes, tokens\OTP and more.

Writing passwords each time is so old now. there are plenty of good password managers either local or cloud based.


Not to mention that automatic logins isn't just a perk, it's a security feature. Your password manager will not mistake leg1t-website.com for legit-website.com and type in your password into a phishing site because it just woke up.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: