• @[email protected]
    link
    fedilink
    English
    21 year ago

    The problem with using hash schemes like this is that when your password is leaked you can’t easily rotate the password.

    • @[email protected]
      link
      fedilink
      English
      11 year ago

      This is what got me using a password manager. I didn’t want to trust a password manager because it felt like they would be highly targeted and one vulnerability would reveal everything. And let’s be honest they still are the same.

      So I had my own scheme for generating passwords. I made myself a script that I could use on my phone and PC. It worked beautifully and effortlessly until occasionally a service would force me to choose a new password. When this started happening I made a new scheme for generating passwords and made a new script. When it first happened it was still reasonably easy because there was only one service I had to use the alternative. It started to become more difficult the more services asked for a new password.

      I used my own system for several years until I had enough with trying to remember which services used the alternative scheme and wondered when I’d have to make a third scheme. And if I did then the mental complexity would significantly increase.

      Interestingly only a couple of services publicly announced they had been hacked and none of my passwords have ever appeared on haveibeenpwned. So I wonder why these services asked for a new password and if they had been attacked why they chose not to announce it.