
Your scheme is no easier to implement than having a different password for each website. You have effectively moved part of the password out of the password and into the email address.



It is only easier in the sense of not having to install or use a password manager, and that the email addresses themselves are not as sensitive as the password.

As with everything security related, there is a trade-off. I'm not saying it's more secure, but it can be more convenient in certain circumstances and for certain people.

A password manager is more secure (if the master password and the manager software are safe). A unique email address + unique password with a password manager even more so. Two-factor authentication even more... and so on...

It's just a question of options/priorities. This is still a valid option in my opinion which might work well for some people who don't want / can't use a password manager, but can handle a list of random email addresses...
