Hacker News new | past | comments | ask | show | jobs | submit login

This bothers me because I prefer to use slightly embarrassing passphrases. I do that because it creates a secondary incentive not to disclose them.

In college my roommate and I made our wifi password something like a fart joke. Perfectly fine to tell to our close friends, but kinda embarrassing.

One day, at the end of the semester, our female neighbor knocked on our door and asked if she could use our wifi since she was moving out the next day and had already canceled her Internet.

I would have been happy to share with her, but I couldn't bring myself to tell her the password. Instead I just said my roommate was "really weird about sharing our wifi" and apologized.

I don't think that incident ever actually made me change the password though.

It's probably actually easier to learn vulgar passwords. Well vulgar anything really, it's a memorization trick we were taught in school to find a way to relate boring things to sex. Probably anything that has strong emotional valence works.

Yup, Moonwalking with Einstein explains this phenomenon well. I know I'll never forget 'Sex On Hard Concrete Always Hurts The Orgasmic Areas', which my Maths teacher passed on ~30 years ago.

we always preferred the "Some Old Hippy Caught At Home Tripping On Acid"

I won't repeat the one we were told to remember Resistor color codes.

I would avoid doing that, invariably they end up in dumps with your name and email next to them.

One of the more interesting things about reused "unique" passwords is they can serve as a fingerprint to link accounts you may not otherwise be able to attribute to the same account/individual.

You missed the "slightly" part of the embarrassing. You can find other more embarrassing things I wrote when you search for my email-address. Re-use of slightly embarrassing passwords is not worse than re-use of any other unique password.

Also https://www.xkcd.com/137/

Does that mean that it is embarrassing and can be tied to you or that it is just embarrassing to say? If the first, then wouldn't you risk being pwned and having that used against you?

Oh no not that embarrassing. I don't record private secrets into my passwords. They're more like "I never told Cindy I loved her." with Cindy being a now-dead cat. My embarrassment threshold is low :-)

I worked with someone who had to share a password to solve a major outage. (Yes, I know...)

It was a rude comment about a colleague.

Want better password hygiene in the workplace? Encourage rude passwords!

Password rule N+1: "A password must contain at least one word from our list of banned URLs."

At a former job I could not go to one of global corp Tata sites, because tata.

Good luck finding out where Penistone or Scunthorpe are...

I’m guessing the latter. Not saying my password is 8o0b7fOr2060+9

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact