Show HN: DIY-DRY Password System
3 points by usermac on June 19, 2015 | 5 comments
My system is to use a standard, common word, such as "cat." Let it begin with a capital letter followed by the service name. Last is a favorite number; for example, Catinstagram17 for Instagram and Catfacebook17 for Facebook.

Even if your password is stolen from Facebook, the hacker can't use it to brute-force themselves into your Instagram account, as the password won't match. Instagram and other services usually code and "salt" user passwords with a hash system. For example, Catinstagram17 is obfuscated in the file the service checks passwords against, and there it looks something like this: "9dC90Oy26#^Y." So, along with all the other encrypted user passwords in the list, they likely won't see your pattern.

For banks and work accounts with heavy restrictions, such as special characters, I just add that to the end.

*DIY is "Do it yourself," and DRY is "Don't repeat yourself."




"[T]hey likely won't see your pattern." is the weakness in this system. There are bad web sites that still do not encrypt your password, in which case a hacker will see your pattern. There are many web sites that use poor encryption practices, in which case a hacker can brute force decrypt your password and see the pattern.

Once an attacker guesses your pattern, it is game over.


Author here. Agree.


I don't know why, but I like that this was a Show HN. I was just thinking, "Hmmm...creating something that is both random and memorable seems hard. That Venn diagram must not intersect often."

Then I realized some of the most memorable things in my head were because they were so novel, weird and essentially random.

I know the answer to a riddle like this is something like 1Password...but it doesn't feel right, does it? The trouble might be that we're looking for an elegant solution. To me, that's always a warning sign. The search for elegant solutions tends to be a fool's errand for young designers of systems.

Not that I think you were thinking this hard about it. It seems like you're just starting a dialogue, which is great.


Author here. You are spot on.


I started doing that a while ago, although by mixing the name of the service. What I do now is also use some letters from my login email, to make the password unique for the domain and for the login I'm using.
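Added example, not code from the post or any commenter: the thread's word + service + number scheme next to a per-site derivation from a master secret (PBKDF2-HMAC-SHA256 from Python's standard library), showing why one leaked plaintext exposes the first scheme's rule but not the second's. The master passphrase and login address are constructed placeholders.

```python
import base64
import hashlib


def pattern_password(word: str, service: str, number: int) -> str:
    """The thread's scheme: capitalised word + service name + favourite number.

    The service name is readable in the output, so a single plaintext leak
    (a site that never hashed its passwords) hands over the rule for every
    other account."""
    return word.capitalize() + service.lower() + str(number)


def derived_password(master_secret: str, service: str, login: str, length: int = 20) -> str:
    """Per-site password derived from a master secret with PBKDF2-HMAC-SHA256.

    Neither the service name nor the master secret appears in the output, and
    one leaked output does not reveal the others. The salt (service|login) is
    public, so all secrecy rests on the master secret being a long passphrase."""
    # Canonicalise so "Instagram" and " instagram " derive the same password.
    salt = f"{service.strip().lower()}|{login.strip().lower()}".encode()
    # 200k iterations slows offline guessing of the master secret should one
    # derived password ever be leaked in plaintext.
    key = hashlib.pbkdf2_hmac("sha256", master_secret.encode(), salt, 200_000)
    # URL-safe base64 keeps the result to letters, digits, '-' and '_'.
    return base64.urlsafe_b64encode(key).decode().rstrip("=")[:length]


def reveals_pattern(password: str, service: str) -> bool:
    """True if the service name can be read straight out of the password."""
    return service.lower() in password.lower()


if __name__ == "__main__":
    # Constructed inputs; the passphrase stands in for a real master secret.
    master = "correct-horse-battery-staple-2015"
    for service in ("Instagram", "Facebook"):
        p = pattern_password("cat", service, 17)
        d = derived_password(master, service, "alice@example.com")
        print(f"{service:9} pattern={p:15} reveals={reveals_pattern(p, service)!s:5} "
              f"derived={d} reveals={reveals_pattern(d, service)}")
```

A site that insists on a special character can still be handled the way the post does for banks, by appending a fixed character; the derivation itself stays the same.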