Ask HN: Is there a good way to create pseudo-random passwords mentally? - seanalltogether

With more and more news about databases being cracked, and the fact that I use maybe 4 unique passwords for all the services I connect to, I'm wondering if any HNers have devised schemes for creating "unique-ish" passwords for the services they access.

I don't want to use a password manager because not all services I access will happen just from a laptop. I would love some kind of scheme that can be mentally recited while allowing for something approaching a unique key. Is there anything you guys use?
======
tgriesser
You could try having a base unique-ish password preceded by a site/service
specific unique prefix... so if the unique-ish base you would remember is
"pa$$word", on google it would be $go-pa$$word, on facebook it would be
$fb-pa$$word, and so on.

I guess if someone a) cracked the password and then b) realized you were using
some sort of prefix pattern for all sites, they could somehow exploit that, but
it's definitely better than the same 4 passwords for everything.

------
byoung2
You could try taking a memorable phrase and encoding it:

Iagnblb8daw = I ain't got nothin' but love babe, Eight days a week

I just took one line from a Beatles song, and used the first letter from each
word, replacing spelled out numbers with the digit.

~~~
autumn_
I always wonder when password cracking tools will take this method into
account, and iterate over a database of popular song lyrics, phrases,
speeches, and such. I suspect this won't be feasible forever.

~~~
trafficlight
I do the phrase thing, too, but the sentences are usually made-up gibberish.

------
Terretta
Type the name of the site with a key position shift up, right, left, or down,
on each letter. Your password is the sequence of shifts, but every site ends
up different and the result will look random.

------
wavephorm
One of the better methods I've heard of is to just hash the domain you're
logging in to. Choose a PIN, like 1337, then add that PIN to a substring of
the domain:

ycombinator.com = 1337ator

techcrunch.com = 1337unch

So, yeah, if someone finds out your PIN they can log onto all your accounts. So
use it only for non-essential passwords, especially not for email/bank.
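An added example, not from any of the posters, that does what wavephorm's "hash the domain" idea literally says with a real keyed hash instead of a PIN glued onto a domain substring: each site's password is HMAC-SHA256 of the normalized domain under a master secret, so a leaked derived password exposes neither the secret nor the other sites' passwords (the trade-off is that it needs a computer, which the question wanted to avoid). The function names, the 62-character alphabet and the demo inputs are my own choices.

```python
import hashlib
import hmac
import string

# Letters and digits: 62 symbols, accepted by almost every login form.
ALPHABET = string.ascii_letters + string.digits
# Largest multiple of 62 that fits in a byte; bytes at or above it are
# rejected so every symbol is equally likely (no modulo bias).
_LIMIT = (256 // len(ALPHABET)) * len(ALPHABET)  # 248


def normalize_domain(domain: str) -> str:
    """Canonical site label so 'WWW.Example.com' and 'example.com' agree."""
    site = domain.strip().lower().rstrip(".")
    if site.startswith("www."):
        site = site[4:]
    return site


def derive_site_password(master_secret: str, domain: str, length: int = 16) -> str:
    """Per-site password = HMAC-SHA256(master_secret, domain | counter),
    encoded into ALPHABET by rejection sampling. Deterministic, so the same
    inputs always reproduce the same password; keyed, so one leaked password
    does not reveal the master secret or the passwords for other sites."""
    key = master_secret.encode("utf-8")
    site = normalize_domain(domain).encode("utf-8")
    out = []
    counter = 0
    while len(out) < length:
        # Each counter value yields a fresh 32-byte block of keyed output.
        msg = site + b"|" + str(counter).encode("ascii")
        block = hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
        for b in block:
            if b < _LIMIT:
                out.append(ALPHABET[b % len(ALPHABET)])
                if len(out) == length:
                    break
    return "".join(out)


if __name__ == "__main__":
    # Constructed demo inputs; in real use the master secret is never written down.
    for site in ("ycombinator.com", "www.techcrunch.com", "techcrunch.com"):
        print(site, derive_site_password("correct horse battery", site))
```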