Show HN: DIY-DRY Password System
My system is to use a standard, common word, such as "cat." Let it begin with a capital letter followed by the service name. Last is a favorite number; for example, Catinstagram17 for Instagram and Catfacebook17 for Facebook.
Even if your password is stolen from Facebook, the hacker can't use it to brute-force themselves into your Instagram account, as the password won't match. Instagram and other services usually code and "salt" user passwords with a hash system. For example, the Catinstagram17 to you is obfuscated in the checked against file at the service and it looks something like this: "9dC90Oy26#^Y." So, along with all the other encrypted user passwords in the list, they likely won't see your pattern.
For the banks and work with heavy restrictions, such as special characters, I just add that to the end.
*DIY is "Do it yourself," and DRY is "Don't repeat yourself."
5 comments
[ 3.4 ms ] story [ 19.5 ms ] threadOnce an attacker guesses your pattern, it is game over.
Then I realized some of the most memorable things in my head were because they were so novel, weird and essentially random.
I know the answer to a riddle like this is something like 1Password...but it doesn't feel right, does it? The trouble might be that we're looking for an elegant solution. To me, that's always a warning sign. The search for elegant solutions tend to be fool's errands for young designers of systems.
Not that I think you were thinking this hard about it. It seems like you're just starting a dialogue, which is great.