
I'm a bit surprised at all of the people suggesting "remember one password, and mutate it with an algorithm based on the website name". That means that if you have to invalidate one password for any reason, you have to change all of them. On every service that you use. Do people really do this?


Yes, I really do this. No one said that this method isn't without its disadvantages.


Yes. There are some passwords that I have to remember since putting them into a password manager is not possible.


In what situation would putting them in a password manager be impossible?


You need to somehow have access to the backup of your database (in my case KeePass) in case you lose it. If you put the password of the access itself in the manager you are in a deadlock. It is much easier to end up in a deadlock situation like this than one might think. So carefully play through restoring your backups in the worst-case scenario.

In my case, I am using Google Drive as my backup storage. If I were to put my Gmail password in the manager I'd be locked out in the worst case and would not have access to my backup.
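The worst-case restore walk-through described in the comment above can be checked mechanically. This is an added example, not part of the original thread; the item names and the `bank_password` entry are constructed assumptions that mirror the KeePass-on-Google-Drive setup.

```python
# Added illustration: model which secrets unlock which, then compute what is
# still reachable after losing every device (only memorized secrets remain).
# Each item maps to (what you must already hold, what opening it gives you).
# All names are constructed for this example.
UNLOCKS = {
    "google_drive": ({"gmail_password"}, {"keepass_backup_file"}),
    "keepass_db": (
        {"keepass_backup_file", "keepass_master_password"},
        {"gmail_password", "bank_password"},  # entries stored in the database
    ),
}


def recoverable(memorized, unlocks=UNLOCKS):
    """Fixed-point search: keep opening items until nothing new is gained."""
    have = set(memorized)
    progress = True
    while progress:
        progress = False
        for item, (needs, yields) in unlocks.items():
            gained = ({item} | yields) - have
            if needs <= have and gained:
                have |= gained
                progress = True
    return have


def locked_out(memorized, unlocks=UNLOCKS):
    """Return every item that can never be reached from the memorized set."""
    everything = set(unlocks)
    for needs, yields in unlocks.values():
        everything |= needs | yields
    return sorted(everything - recoverable(memorized, unlocks))


if __name__ == "__main__":
    # Gmail password kept only in the manager: the backup is unreachable.
    print("only master password memorized:",
          locked_out({"keepass_master_password"}))
    # Gmail password also memorized: the restore chain completes.
    print("master + Gmail memorized:",
          locked_out({"keepass_master_password", "gmail_password"}))
```

A non-empty result means the restore chain has a cycle that no memorized secret breaks.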



