
I think it's possible to flip the order. Instead of managing 100 passwords for each account, manage 100 emails and ONE password for all accounts. Make sure your password is really strong, and you should be better off than managing those 100 passwords, which require a secure password manager.

Of course it's better to have a real password manager, but for most people, who don't or can't be bothered setting this up, this would be a huge step forward since they anyway use the same email and the same password everywhere.




And then one of the accounts' password is stored in plaintext and the database is leaked with the mail addresses and everyone can easily log in as you at 100 services.

Never, ever, re-use passwords for anything you value.

-----


Except, as the comment you responded to suggested, you would use a different email for each service.

-----


Did you actually read what I was saying on the blog post or the comment??

Most people re-use not only the password, but also their email. This is the worst combination.

If you use an unpredictable, unique email address, and use a secure password, then even if it leaks on one site, the attacker has no easy way to predict what your email address is going to be on any other site without having access to the list of email addresses.

-----
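An added example, not written by any commenter in the thread, comparing the two setups argued over above: one email and one password everywhere versus one password with an unpredictable per-site alias. The HMAC derivation, the catch-all domain `mail.example`, the site names and the secret are all assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac

ALIAS_DOMAIN = "mail.example"  # assumption: a catch-all domain you control


def site_alias(secret: bytes, site: str) -> str:
    """Derive an unpredictable per-site address from a secret kept off every site."""
    mac = hmac.new(secret, site.lower().encode(), hashlib.sha256).digest()
    local = base64.b32encode(mac[:10]).decode().lower()  # 80 bits -> 16 chars
    return f"{local}@{ALIAS_DOMAIN}"


def build_accounts(sites, email_for, password):
    """Map site -> (login email, password) as each service would hold it."""
    return {s: (email_for(s), password) for s in sites}


def exposed_by_leak(accounts, leaked_site):
    """Other sites where the pair leaked from one site logs in unchanged."""
    leaked = accounts[leaked_site]
    return sorted(s for s, cred in accounts.items()
                  if s != leaked_site and cred == leaked)


# Constructed sample data
SITES = ["forum.example", "shop.example", "bank.example", "news.example"]
PASSWORD = "one-long-shared-passphrase"
SECRET = b"constructed-demo-secret"

reused = build_accounts(SITES, lambda s: "me@mail.example", PASSWORD)
unique = build_accounts(SITES, lambda s: site_alias(SECRET, s), PASSWORD)

if __name__ == "__main__":
    print("same email everywhere:", exposed_by_leak(reused, "forum.example"))
    print("unique alias per site:", exposed_by_leak(unique, "forum.example"))
    for s in SITES:
        print(f"{s:15} {unique[s][0]}")
```

The second result is empty only while the alias list and the derivation secret stay private; the password itself is still shared, so anyone who learns an alias for another site can pair it with the leaked password.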



