Hacker News new | past | comments | ask | show | jobs | submit login

I have a method of generating passwords from a cryptographic hash of a secret key and the name of a service. This has been defeated by several services that forbid me from using the resulting passwords, either because of their special-character requirements or password lengths (after encountering some of this, I prefix the output with "A1a" and cut it off at 16 characters, but I've used services where even that isn't good enough), or because they want me to change my password every N days and don't allow me to reuse passwords.

I submit, I give up, you win. There's a file called "plaintext-passwords.txt" in my home directory. I keep the account information for these services in there. I've thought of keeping it encrypted, but if they don't want my account to be secure, why should I?

Anyway, if I had to type these passwords in rather than paste them, that would not stop me. All it might do is incentivize me to make them shorter.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: