
Ask HN: Could we improve passwords this way? - davidiach
I hate having to remember passwords, especially if they are complex/secure and I'm sure others feel the same way.

So I had an idea, what if instead of having to remember a long, secure password, I just need to remember where to find it? As an example, I could use a permalink of a YouTube video as my password, this way I don't need to remember what to type in, just where that video is located and copy paste the URL whenever I need to login.

Sure, such an approach has drawbacks such as how to make sure the video/url doesn't disappear, but otherwise I don't see how an approach like this can't be viable.

But I'm not an expert so can anyone tell me if this is a good idea or a bad one?

Thank you!
======
LordWinstanley
Hopefully I'm not derailing the discussion too much but, while on the subject
of alternatives to passwords, I've long wondered why ssh public/private key
pairs are not used for logging into websites?

I use ssh with public/private keys to log in to various servers I host
websites on, to connect to git repos, as well as to connect to 'things' on my
local network, such as RaspberryPis, etc. It's about as painless as you can
get and is very secure. So why is this method not used more widely on the web
in general?

I realise that currently it's not very user-friendly to create and upload ssh
keys, as we have to do it from the command line. But I wouldn't have thought
it beyond the wit of software developers to put an idiot-proof GUI on top of
the procedure. Then, whenever we need to create a login for somewhere, we'd
just upload our public key and we'd have passwordless login.

It seems so obvious, there must be a practical reason it isn't done. So, what
is it?
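The mechanism the comment above is asking about, as an added illustration that is not part of the thread: a minimal challenge-response login with an Ed25519 key pair, the same primitive SSH uses. The server, user name and origin `example.com` are assumptions for the demo; the two checks a site would have to get right are shown in code, namely that each challenge is single use (no replay) and that the signed message is bound to the origin (a signature obtained for one site cannot be relayed to another).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Server issues one-time challenges and verifies signatures against registered public keys.
type Server struct {
	origin  string                       // site name the login is bound to (assumed: example.com)
	users   map[string]ed25519.PublicKey // user -> uploaded public key (the "upload your key" step)
	pending map[string]string            // user -> outstanding challenge, hex encoded
}

func NewServer(origin string) *Server {
	return &Server{origin: origin, users: map[string]ed25519.PublicKey{}, pending: map[string]string{}}
}

func (s *Server) Register(user string, pub ed25519.PublicKey) { s.users[user] = pub }

// Challenge hands out a fresh 256-bit random nonce; issuing a new one replaces the old one.
func (s *Server) Challenge(user string) string {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	s.pending[user] = hex.EncodeToString(nonce)
	return s.pending[user]
}

// message binds the nonce to the origin, so a signature produced for another site does not verify here.
func message(origin, nonce string) []byte { return []byte("login:" + origin + ":" + nonce) }

// Verify accepts a login only if the nonce is the outstanding one for that user (then consumes it)
// and the signature checks out under the registered key. The private key never reaches the server.
func (s *Server) Verify(user, nonce string, sig []byte) bool {
	pub, ok := s.users[user]
	expect, has := s.pending[user]
	if !ok || !has || expect != nonce {
		return false
	}
	delete(s.pending, user) // single use: the same (nonce, signature) pair fails on replay
	return ed25519.Verify(pub, message(s.origin, nonce), sig)
}

// Sign is the client side: sign the challenge for the origin the client believes it is talking to.
func Sign(priv ed25519.PrivateKey, origin, nonce string) []byte {
	return ed25519.Sign(priv, message(origin, nonce))
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	srv := NewServer("example.com")
	srv.Register("alice", pub)
	n := srv.Challenge("alice")
	fmt.Println("login ok:", srv.Verify("alice", n, Sign(priv, "example.com", n)))
	fmt.Println("replay ok:", srv.Verify("alice", n, Sign(priv, "example.com", n)))
}
```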

------
probably_wrong
Let's start with something similar: instead of YouTube URLs (which may
change), you turn the domain name into a number. That number is a page of a
specific translation of the Bible, and you pick the first verse. Same idea,
but the format won't change.

Will this work for you? Yes. Will it scale? No. Here's why:

Once I know the system, I can easily use it to impersonate you. You could add
a secret, in which case all I have to do is run all verses, one by one, until
I find the correct one. You could add requirements for a "safe" secret, in
which case we just re-invented passwords. Keeping the book secret won't work
either, because if I know your scheme I just have to observe which books you
check more often.

There's also the issue of password reuse, with many people using the same
password. Running the scheme with the top most popular books is likely to work
well.

At the end of the day, if you keep the whole scheme in your head then you'll
be fine, and you'll have a reasonably safe password. But a system that gets
more insecure the more people know about it is unfortunately not a good
scheme.
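To put numbers on the argument above (an added illustration, not part of the comment): model each scheme as the set of choices an attacker who already knows the scheme still has to enumerate, and compare the resulting guess space with a random password. The verse count of about 31,102 and the guess rate are assumed figures for the demo; `DigitsNeeded` shows how much extra secret the scheme must carry before it matches a 16-character random password, which is the point at which it has re-invented passwords.

```go
package main

import (
	"fmt"
	"math"
)

// Scheme is a password scheme seen from an attacker who knows how it works:
// Choices lists the size of each independent choice still left to guess.
type Scheme struct {
	Name    string
	Choices []float64
}

// Space is the number of candidates the attacker must try in the worst case.
func (s Scheme) Space() float64 {
	n := 1.0
	for _, c := range s.Choices {
		n *= c
	}
	return n
}

// Bits is the entropy of the scheme: log2 of the guess space.
func (s Scheme) Bits() float64 { return math.Log2(s.Space()) }

// ExpectedHours is the average time to hit the right candidate: half the space at the given rate.
func (s Scheme) ExpectedHours(guessesPerSecond float64) float64 {
	return s.Space() / 2 / guessesPerSecond / 3600
}

// DigitsNeeded is how many random decimal digits must be added to s before it reaches targetBits.
func DigitsNeeded(s Scheme, targetBits float64) int {
	return int(math.Ceil((targetBits - s.Bits()) / math.Log2(10)))
}

var (
	Verse    = Scheme{"verse of a known book, scheme known", []float64{31102}} // assumed verse count
	VersePIN = Scheme{"verse + 4-digit secret", []float64{31102, 1e4}}
	Random16 = Scheme{"16 random chars from [A-Za-z0-9]", []float64{math.Pow(62, 16)}}
)

func main() {
	const rate = 1000 // assumed online guess rate, guesses per second
	for _, s := range []Scheme{Verse, VersePIN, Random16} {
		fmt.Printf("%-38s %6.1f bits  ~%.3g h at %d guesses/s\n", s.Name, s.Bits(), s.ExpectedHours(rate), rate)
	}
	fmt.Printf("extra random digits needed for the verse scheme to match the random password: %d\n",
		DigitsNeeded(Verse, Random16.Bits()))
}
```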

------
Cozumel
It's an interesting approach. I can see it being useful if you need to log in
from somewhere new and you don't have any of your gear with you, but relying
on an external site to not change their links is dodgy.

You could put a page on your website with a key like
mysite.com/mypasswords.php?key=1234 but that's not really that secure either.
I agree with the others, you're better off just sticking with long random
passwords and a password manager.

------
SuperPaintMan
Facebook does some jazz for my friends where they can log in by selecting a
few faces. So that's kind of similar.

I'm with imaginenore on this one, just use long randomly generated passwords.

------
imaginenore
So you will have one password for everything?

Just stop inventing nonsense schemes, and use a password manager and long
randomly generated passwords.

~~~
davidiach
I'm not suggesting that.

But the password managers I have used so far also require a password.
Basically you need to know at least one secure password.

~~~
probably_wrong
I replied in general above, but to answer this in particular:

It has been said that printing your master password and putting it in your
wallet is actually very safe: no online attack will reveal it, and losing the
paper would not be an issue without extra information, the same way losing a
physical key is not the end of the world without its address. You are doing
something similar.

What you suggest is perfectly fine for one password - you are just moving the
entropy from one place to the other. However, you shouldn't use it as a
general method (see my other comment), and you should be aware that a
determined attacker can find it by looking at your browser history.

~~~
Cozumel
Security is a mindset. Carrying your master password around with you isn't
safe, it's only perceived to be safe because you're not a target, like walking
down a dark alley is 'safe' only because you're not carrying any cash.

If someone wants access to your stuff and you're carrying your master password
then you may as well just not bother using a password in the first place!

~~~
probably_wrong
I'm sure someone could one-up us by saying "your password could be extracted
from you under torture, you need a behavioral pattern password that cannot be
replicated under stress", and so on.

I agree that Snowden should not carry his password in his wallet, but at the
same time, I think that we'd see a drastic improvement in security if all
regular users did precisely that (and Bruce Schneier agrees [1]). Those that
think they can be targets and/or deeply care about the issue can always do it
the better (but more expensive) way.

[1] [https://www.schneier.com/blog/archives/2005/06/write_down_your.html](https://www.schneier.com/blog/archives/2005/06/write_down_your.html)

