Hacker News

This looks like a fun project, although whenever something like this comes up I have to wonder if providing ways to make passwords more memorable is in fact a beneficial activity, since ideally people won't be remembering more than one password anyway (the master password of their manager). Of course there are exceptions, like login/unlock codes for PC and phone, but often in those exception cases a long string of characters isn't practical anyway. The cases where it is would normally be very few.

That said, I don't think I really believe my own argument. Anything that gets people thinking about better ways to handle their passwords is probably a good thing. Once the ball is rolling, they might even land on a password manager. Perhaps even through this comment!



I use a password manager, but I still use an xkcd936 password for things that I have to type in often. Like the password to unlock my phone or computer, or passwords to mobile banking apps that I check often.

Copy-pasting out of the password manager on a phone is a multi-step process, most of which is all of iOS's new animation delays.

There's a world for both of these things, and xkcd936 passwords are very easy to generate:

    $ cat $(which xkcd936)
    #!/bin/sh
    cat /usr/share/dict/words | unsort | head -n 40 | xargs -n4 echo


Note that `unsort` uses the Mersenne Twister for its PRNG, which is not cryptographically secure [0]. However, cracking Mersenne does require a significant amount of random bytes generated from the same seed, and a quick glance at the source reveals that it initializes the seed from /dev/urandom where available (unsort.c:169), which is good and probably obviates practical attacks.

[0] https://jazzy.id.au/2010/09/22/cracking_random_number_genera...
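An added example, not posted by anyone in the thread: one way to sidestep the shuffler's PRNG entirely is to draw each word index straight from /dev/urandom, using rejection sampling so the final modulo adds no bias. The function names and the 16-word sample list are constructed for illustration.

```shell
#!/bin/sh
# rand_below N: print a uniform integer in [0, N) from 32 bits of /dev/urandom.
# Draws at or above the largest multiple of N are rejected and retried, so
# every residue is equally likely (no modulo bias).
rand_below() {
    n=$1
    limit=$(( 4294967296 / n * n ))
    while :; do
        r=$(od -An -N4 -tu4 /dev/urandom | tr -d ' \n')
        [ "$r" -lt "$limit" ] && break
    done
    echo $(( r % n ))
}

# passphrase FILE COUNT: print COUNT words from FILE (one word per line),
# each chosen independently, with replacement.
passphrase() {
    pp_file=$1 pp_count=$2
    pp_total=$(wc -l < "$pp_file" | tr -d ' ')
    [ "$pp_total" -gt 0 ] || return 1
    pp_out= pp_i=0
    while [ "$pp_i" -lt "$pp_count" ]; do
        pp_line=$(( $(rand_below "$pp_total") + 1 ))
        pp_word=$(sed -n "${pp_line}p" "$pp_file")
        pp_out="${pp_out:+$pp_out }$pp_word"
        pp_i=$(( pp_i + 1 ))
    done
    echo "$pp_out"
}

# entropy_bits TOTAL COUNT: COUNT * log2(TOTAL), the strength of the phrase
# when the attacker knows both the word list and the scheme.
entropy_bits() {
    awk -v n="$1" -v k="$2" 'BEGIN { printf "%.1f\n", k * log(n) / log(2) }'
}

# Constructed 16-word sample list so the demo runs without a system dictionary;
# real use needs thousands of words (e.g. /usr/share/dict/words, as in the post).
SAMPLE=$(mktemp)
printf '%s\n' apple brick cloud delta ember flint grape hazel \
    ivory joker koala lemon maple nylon olive pearl > "$SAMPLE"
passphrase "$SAMPLE" 4
echo "bits: $(entropy_bits 16 4)"
```

The entropy figure depends only on the list size and word count, so a 16-word list is for demonstration and gives a phrase far too weak for real use.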


What attack are you envisioning on me running that by hand and pasting one of those passwords into an online service?


Mm, ya, those make sense. On Android, LastPass is getting better at autofilling into native apps, but it's still not foolproof. Getting better though!


I killed those animations in settings the day I installed iOS 7. You should too!


How? I've only found the option to reduce motion sickness, which changes the zooms and slides to fadeouts that take the same amount of time.


Passwords are in themselves not really secure. The problem is that when somebody gets a hold of your password somehow, he can log into your systems indefinitely. And leaking a password is easier than most people think (for example, a keylogger installed on a public machine or even on your own machine physically or through an OS exploit).

Hence it is much better to use one-time passwords. And I guess what we need is a universal method to communicate these passwords to our computers, by means of an external cryptographic device. A good first step could be an infrared cryptographic transceiver built into our keyboards. And a cryptographic device could be built into our smartwatches (finally a good use for them!)



