

Ask HN: Do you use different passwords on different sites? - Namrog84

I have gotten quite a few &#x27;compromised&#x27; emails from various sources over the recent years.<p>Saying: &quot;Ooops, sorry we were compromised, be on the look out for phishing emails. If you use the same password on other sites, you should change them&quot; among the other standard stuff.<p>I feel like I get one of these emails about once every week or two.<p>At this point, I feel like these emails are almost pointless to me.  They rarely say much details.  I started quite a long time ago to add variation on a per site basis to my passwords.<p>Do most HN users use same password, a small variant,  a truly unique password(password keeper?) on a per site basis?<p>Thoughts? Recommendations?  Is it all just hopeless and pointless? Is it worth the hassle of different passwords? Do you maintain a few passwords and &#x27;update them all&#x27; whenever you get one of these emails?
======
dsacco
Yes. I use a 22 character password composed of mixed-case alphanumerics and
symbols. I generate a new password for every single website I have an account
with, no matter how onerous the process or insignificant the account.

Later this year I am considering transitioning every single account to its own
email address on my domain as well. But I recognize that's a tad paranoid.
Perhaps only the most valuable accounts.

I recommend 1Password. I don't think there has ever been a major security
breach with 1Password, and when I reported a minor cryptographic flaw they
were _very_ quick to respond to me and plan a fix for it, despite the threat
model being relatively small.

~~~
deepfriedbits
I also favor this approach and 1Password sure makes it, if not easy, then
certainly tolerable.

The only thing I'd add is that there are some websites with weird length and
character rules, so sometimes you must tweak your password generator for
smaller lengths (you won't be able to use 22-character passwords everywhere)
and fewer "special characters" (non-alpha-numeric in this case).

------
brobinson
I use mSecure with a different, randomly-generated password for each
site/service I use.

------
bosdev
I use a password manager (1Password) to generate a strong, unique, password
for every site.

------
pw
Yes.

------
hailander009
Don't track me :)

------
paulhauggis
I use a password manager and generate 64 random number/character combinations
for each account. When applicable, I also enable 2FA.

With accounts that are a 1-off and I don't really care about, I don't go
through the trouble and just use a short password I can remember.

Something interesting I have found is that some sites will allow me to use a
64 character password when I create the account, but error out and won't allow
me to login. If I shorten the password, it works fine.

------
slater
NICE TRY!

