

Turing Award winner came up with this algorithmic trick for passwords - paulryanrogers
http://www.computerworld.com/article/2978392/data-security/tired-of-memorizing-passwords-a-turing-award-winner-came-up-with-this-algorithmic-trick.html

======
paulryanrogers
Not exactly novel. I've heard of these for months now. A quick web search
turns up this blog from 2008: [http://www.acleandesign.com/2008/05/password-
algorithms-crea...](http://www.acleandesign.com/2008/05/password-algorithms-
create-and-remember-unique-passwords-for-every-account/)

Also seems to produce short passwords.

~~~
markbnj
Short, yes, but with a significant amount of entropy for their length. In any
case, what strikes me is that this approach just makes the algorithm the
secret instead of the token. Are people more likely to be able to remember
algorithms for transforming URLs into passwords? I tend to doubt it.

~~~
ocdtrekkie
I feel this is an unnecessary complexity thing. There are much easier things
to remember that can be much much harder to brute force.

How is this any improvement over 'correct horse battery staple'?

Also, other flaws involve needing to meet site-specific password policies. The
Amazon one in the article, is probably actually too short of a password for
Amazon. And what if your sites requires certain special characters or
disallows others?

~~~
markbnj
Yep, agreed, and like you I tend to favor passphrases over passwords. I find a
sentence related to something meaningful in my life to be more memorable than
a single word, especially when it's munged up with obfuscating character subs.

