
I'm getting off topic, but I'm amazed that you don't actually know some of the passwords you are typing. Also, if your passwords are becoming muscle memory, isn't it time to change them?

> Anyway, this tool won't work for me, and it looks a lot like addiction to me if you can't walk away when someone or something tells you to.

That's an interesting thought because people actually do go through working addictions (aka workaholics). However, I don't know any workaholics that install this kind of software or monitor when they should take breaks. Perhaps this could apply to a recovering workaholic though.




> if your passwords are becoming muscle memory, isn't it time to change them?

Somehow I feel they're safer in muscle memory than in 'normal' memory. There was a research project once which stored the password in muscle memory by using some sort of game. It got quite a lot of attention, but I don't remember what it was called or anything...

Passwords in muscle memory are quickly and easily typed on almost any normal keyboard. It's actually harder to type them slowly. Like with phone numbers that you know by heart, you need to recite it from the beginning (without pausing for too long) if someone asks the last five digits. This fast typing makes it harder for onlookers to figure out what it is, although most people are probably able to type quickly enough that you can't make out their password regardless.

But yes, it is impractical at times. On the other hand, what new password can I easily use? It's not that easy to remember a randomly chosen sequence, passphrases are not accepted everywhere (needs digits, or are too long, or...), and it only adds to the list of passwords to try before I can log in somewhere.

Right now I have a few classifications for passwords. Unsecure sites (no https, unimportant, or bad storage like LM hashes) get a low-grade password, and the best passwords are used only on extremely high profile websites and accounts (like my e-mail password). When I get more new passwords, I'll have to somehow remember if the account was before or after the switch. That's gonna be messy, and I prefer not to try too many passwords. The website could log invalid logins or even collect passwords, and the connection can usually get intercepted (https is not as widespread as I would like). And there is the problem of getting locked out after too many invalid logins. I have enough passwords and variations that 3 times just aren't always enough attempts.

-----


> Somehow I feel they're safer in muscle memory than in 'normal' memory.

From my understanding, muscle memory is formed when a task is repeated frequently. It's basically like your "normal" memory caching these motions. So, in theory, you should at least _know_ your memory cached passwords.

> And there is the problem of getting locked out after too many invalid logins. I have enough passwords and variations that 3 times just aren't always enough attempts.

Ah, I hate it when that happens. Have you tried using a password manager like LastPass or 1Password?

edit: https://lastpass.com/

-----


I don't feel like storing my passwords anywhere but in my head. The rare case that I do write them down, I make sure it's not easy to find what account it belongs to and that it's stored securely. And it's usually only written down temporarily until I remember it.

-----


Get a good encrypted password manager so you can generate and store separate random strings for all your web passwords. Problem solved.

-----


> Also, if your passwords are becoming muscle memory, isn't it time to change them?

My passwords for Really Important Things are random strings. Committing them to muscle memory happened in a few days; actually being able to remember them is a hassle that isn't worth it.

-----



