Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The main issue with this kind of method (using an algorithm to create a password) is that it makes it very hard to change your password if needed.

E.g, let 's say you use your algorithm for your passwords : Amazon get AnxPv4rz, HN get hsxPv4rz, etc... Now, someone get your password for Amazon one way or another (social engineering, poorly protected website, etc...). You have two choices :

* Change your algorithm for all your passwords. Depending on the number of different websites you use, it will probably be a very heavy process, and you might forget some websites.

* Use a different algorithm for Amazon. If you start going this way, you'll quickly find yourself with 5-6 different algorithm, each more or less complicated. That's pretty much why people use Password managers : they want secure passwords, without having to remember each and every one of them because it gets complicated after the 5th. And if you use a password manager, you might as well use completely random passwords.



Additionally, if a hacker gets 2 of your passwords, they can see that all you passwords are of the form AxxxxxB, from there it is quite easy to get all your passwords. If you have an "algorithm" that is easy enough to remember, then it is most likely breakable by a smart hacker.


It would not surprise me if a single password is enough for an attacker to guess the rest in this scheme. It is common enough to be predictable, and even if it weren't, all your passwords are at most 2 characters different from each other. That's not a lot of entropy.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: