
I use only one password for all web sites - yaix
http://justmybloghere.tumblr.com/post/6760078650/i-use-only-one-password-for-all-web-sites
======
jacques_chester
A better title might be: "I use only one linkbait title for this blog post".

The author does not describe a single password, but rather an algorithm for
creating passwords predicated on domain names.

Personally I'd prefer to memorise one complex password and use that as a key
into a KeePass database.

------
jamesrom
I've been using a system like this for a while. It doesn't need to be as
complex as this article suggests.

Something like this would work fine:

Get the domain name, take the first 3 letters, reverse it, replace each
character with the character that sits to the right of it on a keyboard.
Append (or prepend) this to an already secure, remembered, password.

The only way a person can know which part of the password is variable is if
they have access to two passwords generated by this system, from different
sites. Highly improbable. Moreover, even if they do figure out which part does
change, they have to try to reverse the algorithm.

------
keyle
Just reading the process hurts my head. Please. Security, yes, headaches, no!

Personally, I use rude sentences depending on the site, with numbers and
punctuation. And a throwaway password for your "Show HN's" ;)

------
nickzoic
So really, you're using a primitive hash of the domain name, where the exact
algorithm is a secret. Why not use a proper hash of the domain name plus a
secret, like this does:

<https://www.pwdhash.com/>

~~~
Locke1689
I assume because you would have trouble with that if you didn't have the
ability to generate the hash. In the case of pwdhash, what if you don't have
the ability to install the extension?

~~~
nickzoic
That's a valid point, although I suspect the algorithm described is just
about complicated enough to tempt you to write down frequently used passwords
anyway.

You could carry around a little pwdhash implementation on a smartphone or
whatever, I suppose, the algorithm isn't rocket science:
<http://crypto.stanford.edu/PwdHash/RemotePwdHash/hashed-password.js>

It's a pity this sort of thing wasn't built into the input type="password" in
the first place ... maybe HTML5 should introduce an input type="passhash" ...?
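
Added example, not part of the thread and not PwdHash's own algorithm: it contrasts the by-hand rule from jamesrom's comment with a "proper hash of the domain name plus a secret" as suggested above. The PBKDF2 parameters, the base64 encoding, the 16-character length and the sample secret are assumptions made for illustration.

```python
import base64
import hashlib
import os

# Constructed sample secret, not taken from the thread.
BASE = "correct-horse-7!"

# QWERTY rows used for the "key to the right" substitution.
ROWS = ["qwertyuiop[", "asdfghjkl;", "zxcvbnm,"]
RIGHT = {row[i]: row[i + 1] for row in ROWS for i in range(len(row) - 1)}


def manual_scheme(base, domain):
    """By-hand rule: first 3 letters, reversed, each shifted one key right, appended."""
    tag = "".join(RIGHT.get(c, c) for c in reversed(domain[:3].lower()))
    return base + tag


def derived_password(master, domain, iterations=200_000, length=16):
    """Keyed derivation: PBKDF2-HMAC-SHA256 over the master secret, domain as salt."""
    raw = hashlib.pbkdf2_hmac(
        "sha256", master.encode(), domain.lower().encode(), iterations
    )
    return base64.urlsafe_b64encode(raw).decode()[:length]


def shared_prefix_len(a, b):
    """Characters two site passwords have in common from the start.

    A long shared prefix means a plaintext leak at one site discloses
    most of the password used at the other.
    """
    return len(os.path.commonprefix([a, b]))


if __name__ == "__main__":
    sites = ("google.com", "example.org")
    manual = [manual_scheme(BASE, s) for s in sites]
    derived = [derived_password(BASE, s) for s in sites]
    print("manual :", manual, "shared prefix:", shared_prefix_len(*manual))
    print("derived:", derived, "shared prefix:", shared_prefix_len(*derived))
```

With the by-hand rule the whole remembered secret appears verbatim in every site's password, so a single site storing it in plaintext exposes the base; the derived passwords share nothing recognisable and the master secret never leaves the user's machine.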

------
whichdan
I think an idea like this could be great if combined with a partial javascript
bookmarklet. Counting how many characters are in the domain name isn't exactly
mentally taxing, but it would get tedious pretty quickly.

~~~
yaix
I have been doing it for a while now and you quickly get used to it.

But your idea of a bookmarklet is interesting!

------
ahrens
That is a really bad way to set and remember passwords for most people. It's
so complex, it must take a couple of minutes to calculate the password every
time. Security that people actually USE, needs to be simple.

I usually use sentences with 4 or so words, that are odd enough to remember. I
combine that with KeePass safe for sites I only log into on my computers and
sync it using Dropbox. I also have access to it on my iPhone and iPad. The
combination of these techniques enables me to log into most sites without a
password manager and all of them on the fly.

------
dennisgorelik
It's so complex that I'd rather use a password manager.

Or better yet - actually use the same simple password on all web sites which
are not important to me.

------
bantic
Surprised no one has mentioned 1Password here yet. It generates passwords, has
extensions for most browsers, and can sync between iPhone and your computer. I
find it super handy, although it's funny when I'm using a friend's computer
and my iPhone isn't around and I have to tell them, "actually, I can't log in
to Facebook because I don't know my own password."

------
chx
SuperGenPass does this just a lot better. Originally a bookmarklet, more
securely implemented by extensions for Firefox and Chrome, an Android app and
I think even an iOS app.

