too short, for all that effort just use a sentence with a symbol and a number.
FacebookCanGoToHell!123 is more secure and easy to remember
Comment on Security expert reveals surprising way to make your password stronger: use emojis
Agent641@lemmy.world 1 year ago
Pick four long words at random. Assign each of these to the four quadrants of the alphabet.
A-F - equipment
G-M - triumphant
N-S - sampling
U-Z - fatigued
Pick one number:
4
Now, take the first letter of the service that the password is for, and that selects your quadrant word. Take the number of letters in the service and multiply it against your number. Take the last letter of the service, and on your querty keyboard, move all the way to the right of thst line to select the first symbol there. Thats your unique password thats salted with yo ur personal words and number.
adrian783@lemmy.world 1 year ago
Agent641@lemmy.world 1 year ago
Youre going to memorize a unique sentence for each service?
A method like this allows you to memorize only 4 words of arbitrary length, a number, and a simple algorthm to yield unique passwords for each service.
Evotech@lemmy.world 1 year ago
You can also add a standard phrase to all of them that is shared between them all just to make them more complex
adrian783@lemmy.world 1 year ago
yes, it is what I do now. there was a time when people memorized 10, 15 phone numbers.
Rubanski@lemm.ee 1 year ago
Also you can’t really “forget” a password, because it’s connected to the name of the site. Very clever
banneryear1868@lemmy.world 1 year ago
Yeah putting the name of the service in the passphrase is actually pretty secure, unless the rest of the password is like “thisisapasswordforFACEBOOK” cause then one password gets leaked and the rest can be inferred.
splines@reddthat.com 1 year ago
The problem with using hash schemes like this is that when your password is leaked you can’t easily rotate the password.
lemmyingly@lemm.ee 1 year ago
This is what got me using a password manager. I didn’t want to trust a password manager because it felt like they would be highly targeted and one vulnerability would reveal everything. And let’s be honest they still are the same.
So I had my own scheme for generating passwords. I made myself a script that I could use on my phone and PC. It worked beautifully and effortlessly until occasionally a service would force me to choose a new password. When this started happening I made a new scheme for generating passwords and made a new script. When it first happened it was still reasonably easy because there was only one service I had to use the alternative. It started to become more difficult the more services asked for a new password.
I used my own system for several years until I had enough with trying to remember which services used the alternative scheme and wondered when I’d have to make a third scheme. And if I did then the mental complexity would significantly increase.
Interestingly only a couple of services publicly announced they had been hacked and none of my passwords have ever appeared on haveibeenpwned. So I wonder why these services asked for a new password and if they had been attacked why they chose not to announce it.
bdkmshr@monyet.cc 1 year ago
Not to mention if you suddenly developed amnesia or dementia
kpb@lemmy.world 1 year ago
Just come up with one strong password (see xkcd.com/936/) for your password manager and use randomly generated passwords for everything else. There’s no reason to manually compute a hash every time you sign up for a service.