

Show HN: DIY-DRY Password System - usermac

My system is to use a standard, common word, such as "cat." Let it begin with a capital letter followed by the service name. Last is a favorite number; for example, Catinstagram17 for Instagram and Catfacebook17 for Facebook.

Even if your password is stolen from Facebook, the hacker can't use it to brute-force themselves into your Instagram account, as the password won't match. Instagram and other services usually code and "salt" user passwords with a hash system. For example, the Catinstagram17 to you is obfuscated in the checked against file at the service and it looks something like this: "9*dC90Oy26#^Y." So, along with all the other encrypted user passwords in the list, they likely won't see your pattern.

For the banks and work with heavy restrictions, such as special characters, I just add that to the end.

*DIY is "Do it yourself," and DRY is "Don't repeat yourself."
======
gvb
_[T]hey likely won't see your pattern._ is the weakness in this system. There
are bad web sites that _still_ do not encrypt your password, in which case a
hacker will see your pattern. There are many web sites that use poor
encryption practices in which case a hacker can brute force decrypt your
password and see the pattern.

Once an attacker guesses your pattern, it is game over.

~~~
usermac
Author here. Agree.
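
An added example, not part of the thread or any poster's code: a self-audit that reduces each password to a template by masking the service name, which makes the weakness raised above visible as a group of services sharing one rule. The vault contents, service names and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample vault (service -> password) following the scheme in the post.
SAMPLE_VAULT = {
    "instagram": "Catinstagram17",
    "facebook": "Catfacebook17",
    "examplebank": "Catexamplebank17!",  # "special characters ... add that to the end"
    "forum": "v9#Lq2m$Tz0pRw",           # unrelated password, for contrast
}

PLACEHOLDER = "{service}"


def template_of(password: str, service: str) -> Optional[str]:
    """Mask the service name (case-insensitive) inside the password.
    Returns None when the service name does not occur in it."""
    pattern = re.compile(re.escape(service), re.IGNORECASE)
    if not pattern.search(password):
        return None
    return pattern.sub(PLACEHOLDER, password)


def normalize(template: str) -> str:
    """Drop trailing punctuation so the 'append a special character'
    variant collapses onto the base template."""
    return re.sub(r"[^A-Za-z0-9}]+$", "", template)


def derivable_groups(vault: Dict[str, str]) -> Dict[str, List[str]]:
    """Group services whose passwords reduce to the same template.
    A group of two or more means one exposed password gives away
    the rule for every other service in that group."""
    groups = defaultdict(list)
    for service, password in vault.items():
        tpl = template_of(password, service)
        if tpl is not None:
            groups[normalize(tpl)].append(service)
    return {t: sorted(s) for t, s in groups.items() if len(s) > 1}


if __name__ == "__main__":
    for tpl, services in derivable_groups(SAMPLE_VAULT).items():
        print(f"{tpl}: shared by {', '.join(services)}")
```
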

------
kevin
I don't know why, but I like that this was a Show HN. I was just thinking,
"Hmmm...creating something that is both random and memorable seems hard. That
Venn diagram must not intersect often."

Then I realized some of the most memorable things in my head were because they
were so novel, weird and essentially random.

I know the answer to a riddle like this is something like 1Password...but it
doesn't feel right, does it? The trouble might be that we're looking for an
elegant solution. To me, that's always a warning sign. The search for elegant
solutions tends to be a fool's errand for young designers of systems.

Not that I think you were thinking this hard about it. It seems like you're
just starting a dialogue, which is great.

~~~
usermac
Author here. You are spot on.

------
mw67
I started doing that a while ago, although by mixing the name of the service.
What I do now is also use some letters from my login email, to make the
password unique for the domain and for the login I'm using.

