Hacker News new | past | comments | ask | show | jobs | submit login

But if each of those is a valid password, how does it defeat keyloggers or shoulder snoopers in any way? They just have to type in the same password.

Now, if the rules were totally secret, you could make it such that each time you used a password, it was no longer valid. That would defeat the keylogger, while still allowing you to remember your 3 special characters. But of course you can't ever assume your rules are secret (security by obscurity and all that).

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact