Hacker Newsnew | past | comments | ask | show | jobs | submit | thiagoc's commentslogin

"Now I need to change my password on all websites that I use >:/"


YES! I really want that too!


Never used Brave, but switched to Opera recently and it's doing great in blocking ads.


I'm a happy user of Afraid's FreeDNS: https://freedns.afraid.org

Edit: I'm not affiliatted with the service, I just really like it.


Joshua is a really friendly and generous one to run it for all these years. I'd trust this than some corporate who didn't bother to migrate customers.


What a throwback. It's great to see that their service is still trucking along.


Yes! I have used it for years, it Just Works.


I thought the same thing.


I want that too. Now I'm using Backupsy[1] when I need a VM with more disk space.

[1] https://backupsy.com/aff.php?aff=367


I have used a similar aproach, but I don't hash them. Here's a example:

Supose I have the master password "t3st1ng" and "!@#" as separator. When I want to register on site www.reddit.com, I just use the password "reddit.com!@#t3st1ng".

This way I always have a strong password and I can use different passwords in every site, and I just have to remember the master password.


This is dangerously insecure.

Let's say badsite.com stores your password in plaintext and their database is compromised (or they're malicious actors in the first place who created the site with the purpose of gathering login credentials).

Now, an attacker who sees this will try go to gmail.com and enter the password gmail.com!@#t3st1ng (with your email address), or bankofamerica.com and try bankofamerica.com!@#t3st1ng.


Yeah, you're right. Maybe a more secure way would be make reddit.com unreadable. For example:

mctddr (backwards without dot and vowels)

r5d9t (change vowel with the position number in the alphabet and without repeated letters)

There are several ways to do it.


However clever you get with your mental encoding, it can be decoded by anyone at least equally clever.


This is exactly as bad as a single master password, because now I know your hypothetical password for HN is "news.ycombinator.com!@#t3st1ng".


Ehrm, what's the purpose of it? Once one of your passwords is leaked, your master password is leaked too.


I would never recommend using this for mission-critical passwords like your bank or Gmail, but I think for most throwaway sites in the past, this was OK. Now with the availability of password managers, I think the clear winner is to use a password manager.


I prefer running a simple algorithm in my head so if my plaintext password gets leaked, an attacker can't just replace "reddit.com" with the name of another site.


What about tell your friends/coworkers about your feelings? Maybe, together, you can make changes on your current work-style to make you happy.


I'm using it successfully with a custom domain. It works great.


Santa Catarina/Brazil, Remote, Relocate (H-1B needed), Full time

Stack: Python, Shell script, Javascript, HTML/CSS. MySQL, Linux, Asterisk PBX

Contact: root@thiagoc.net

Want to work with Python development and/or devops.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: