Show HN: DIY-DRY Password System
3 points by usermac on June 19, 2015 | 5 comments
My system is to use a standard, common word, such as "cat." Let it begin with a capital letter followed by the service name. Last is a favorite number; for example, Catinstagram17 for Instagram and Catfacebook17 for Facebook.

Even if your password is stolen from Facebook, the hacker can't use it to brute-force themselves into your Instagram account, as the password won't match. Instagram and other services usually code and "salt" user passwords with a hash system. For example, Catinstagram17 is stored obfuscated in the file the service checks against, and there it looks something like this: "9dC90Oy26#^Y." So, along with all the other encrypted user passwords in the list, they likely won't see your pattern.

For banks and work accounts with heavy restrictions, such as required special characters, I just add those to the end.

*DIY is "Do it yourself," and DRY is "Don't repeat yourself."
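An added illustration, not code from the post or its author: it builds passwords exactly as the scheme above describes, simulates a service that salts and hashes them (PBKDF2 here, as a stand-in for whatever a real service uses), and then runs a simple "independence" check: given one site's plaintext, how many of the other sites' passwords does it predict? The word "Cat", the number 17 and the service names are constructed sample values from the post; the random-password case uses fixed constructed strings in the check so the comparison is deterministic.

```python
import hashlib
import os
import secrets

# Constructed sample values following the scheme described in the post.
WORD = "Cat"
NUMBER = "17"
SERVICES = ["instagram", "facebook", "twitter"]


def pattern_password(word, service, number):
    """Build a password the way the post describes: Word + servicename + number."""
    return f"{word.capitalize()}{service.lower()}{number}"


def random_password(length=16):
    """Password-manager style: an independent random string per site."""
    return secrets.token_urlsafe(length)[:length]


def store_hash(password, iterations=100_000):
    """Simulate what a well-run service stores: a random salt plus a slow hash.
    Returns (salt_hex, digest_hex). The salt makes the same password hash
    differently on every site, which is why the post says the pattern is
    not visible in the stored list."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt.hex(), digest.hex()


def verify(password, salt_hex, digest_hex, iterations=100_000):
    """Check a login attempt against the stored salt and digest."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), iterations
    )
    return digest.hex() == digest_hex


def guess_from_leak(leaked_password, leaked_service, other_service):
    """Defender's check: does one leaked plaintext predict another site's password?
    Splits the leaked password around the service name and swaps in the other
    name. Returns None when the service name is not embedded at all."""
    idx = leaked_password.lower().find(leaked_service.lower())
    if idx < 0:
        return None
    prefix = leaked_password[:idx]
    suffix = leaked_password[idx + len(leaked_service):]
    return prefix + other_service.lower() + suffix


def independence_check(passwords):
    """Count how many other-site passwords a single leaked one predicts.
    passwords: dict service -> plaintext. Returns (predicted, total_pairs)."""
    predicted = 0
    total = 0
    for leaked_service, leaked_pw in passwords.items():
        for other, other_pw in passwords.items():
            if other == leaked_service:
                continue
            total += 1
            if guess_from_leak(leaked_pw, leaked_service, other) == other_pw:
                predicted += 1
    return predicted, total


if __name__ == "__main__":
    patterned = {s: pattern_password(WORD, s, NUMBER) for s in SERVICES}
    randomised = {s: random_password() for s in SERVICES}

    # Salted hashes of the patterned passwords share no visible structure...
    for service, pw in patterned.items():
        print(service, pw, store_hash(pw)[1][:16] + "...")

    # ...but once any one plaintext is known, the rest follow from the pattern.
    print("pattern scheme predicted:", independence_check(patterned))
    print("random passwords predicted:", independence_check(randomised))
```

The point the check makes: salting hides the pattern in the stored hash list, exactly as the post says, but it does nothing once a single plaintext is exposed (a site that stores plaintext, a phishing page, or a cracked weak hash). Per-site random passwords score zero predicted pairs because no site name is embedded in them.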




"[T]hey likely won't see your pattern" is the weakness in this system. There are bad web sites that still do not encrypt your password, in which case a hacker will see your pattern. There are many web sites that use poor encryption practices, in which case a hacker can brute-force decrypt your password and see the pattern.

Once an attacker guesses your pattern, it is game over.


Author here. Agree.


I don't know why, but I like that this was a Show HN. I was just thinking, "Hmmm...creating something that is both random and memorable seems hard. That Venn diagram must not intersect often."

Then I realized some of the most memorable things in my head were because they were so novel, weird and essentially random.

I know the answer to a riddle like this is something like 1Password...but it doesn't feel right, does it? The trouble might be that we're looking for an elegant solution. To me, that's always a warning sign. The search for elegant solutions tends to be a fool's errand for young designers of systems.

Not that I think you were thinking this hard about it. It seems like you're just starting a dialogue, which is great.


Author here. You are spot on.


I started doing that a while ago, although by mixing the name of the service. What I do now is also use some letters from my login email, to make the password unique for the domain and for the login I'm using.



