Ask HN: Do you use different passwords on different sites?
Saying: "Ooops, sorry we were compromised, be on the look out for phishing emails. If you use the same password on other sites, you should change them" among the other standard stuff.
I feel like I get one of these emails about once every week or two.
At this point, I feel like these emails are almost pointless to me. They rarely say much details. I started quite a long time ago to add variation on a per site basis to my passwords.
Do most HN users use same password, a small variant, a truly unique password(password keeper?) on a per site basis?
Thoughts? Recommendations? Is it all just hopeless and pointless? Is it worth the hassle of different passwords? Do you maintain a few passwords and 'update them all' whenever you get one of these emails?
9 comments
[ 2.9 ms ] story [ 41.5 ms ] threadLater this year I am considering transitioning every single account to its own email address on my domain as well. But I recognize that's a tad paranoid. Perhaps only the most valuable accounts.
I recommend 1Password. I don't think there has ever been a major security breach with 1Password, and when I reported a minor cryptographic flaw they were very quick to respond to me and plan a fix for it, despite the threat model being relatively small.
The only thing I'd add is that there are some websites with weird length and character rules, so sometimes you must tweak your password generator for smaller lengths (you won't be able to use 22-character passwords everywhere) and fewer "special characters" (non-alpha-numeric in this case).
I like 1password. Do I keep it open all day every time I want to grab something? What about phone or not at home? Accessible online anywhere? Just curious for how I should use it.
With accounts that are a 1-off and I don't really care about, I don't go through the trouble and just use a short password I can remember.
Something interesting I have found is that some sites will allow me to use a 64 character password when I create the account, but error out and won't allow me to login. If I shorten the password, it works fine.