this post was submitted on 03 Nov 2023
302 points (87.0% liked)

Technology

[–] [email protected] 2 points 10 months ago (2 children)

The problem with using hash schemes like this is that when your password is leaked you can't easily rotate the password.

[–] [email protected] 1 points 10 months ago

Not to mention if you suddenly developed amnesia or dementia

[–] [email protected] 1 points 10 months ago

This is what got me using a password manager. I didn't want to trust a password manager because it felt like they would be highly targeted and one vulnerability would reveal everything. And let's be honest they still are the same.

So I had my own scheme for generating passwords. I made myself a script that I could use on my phone and PC. It worked beautifully and effortlessly until occasionally a service would force me to choose a new password. When this started happening I made a new scheme for generating passwords and made a new script. When it first happened it was still reasonably easy because there was only one service I had to use the alternative. It started to become more difficult the more services asked for a new password.

I used my own system for several years until I had enough with trying to remember which services used the alternative scheme and wondered when I'd have to make a third scheme. And if I did then the mental complexity would significantly increase.

Interestingly only a couple of services publicly announced they had been hacked and none of my passwords have ever appeared on haveibeenpwned. So I wonder why these services asked for a new password and if they had been attacked why they chose not to announce it.
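The rotation problem raised in this thread, as an added example that is not code from any commenter: a stateless hash-based scheme can only produce a new password for one site by changing an input, which turns into per-site state that every device has to share. The `Device` class, the counter approach, the master passphrase and the site names are all constructed for illustration.

```python
import base64
import hashlib

def derive_password(master: str, site: str, counter: int = 1, length: int = 20) -> str:
    """Stateless scheme: the same inputs always give the same password."""
    salt = f"{site.lower()}:{counter}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 100_000)
    return base64.urlsafe_b64encode(raw).decode()[:length]

class Device:
    """One phone or PC running the script. `counters` is the rotation state."""
    def __init__(self, master: str):
        self.master = master
        self.counters = {}  # site -> counter; absent means never rotated

    def password(self, site: str) -> str:
        return derive_password(self.master, site, self.counters.get(site, 1))

    def rotate(self, site: str) -> str:
        """A forced reset: the only input that can change is the counter."""
        self.counters[site] = self.counters.get(site, 1) + 1
        return self.password(site)

def demo() -> dict:
    master = "constructed master passphrase"  # sample value, not a real secret
    pc, phone = Device(master), Device(master)
    before = pc.password("shop.example")
    after = pc.rotate("shop.example")  # the service forced a new password
    return {
        "rotated_changed": before != after,
        # The phone never learned about the rotation, so it still derives
        # the old (possibly leaked) password for this site.
        "phone_stale": phone.password("shop.example") == before,
        # Sites that were never rotated still agree across devices.
        "other_site_same": pc.password("mail.example") == phone.password("mail.example"),
        # This dict is what now has to be remembered or synced.
        "state_to_sync": dict(pc.counters),
    }

if __name__ == "__main__":
    print(demo())
```
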