• dependencyinjection
    5 months ago

    This is terrible. If someone gets a couple of your passwords it’s pretty easy to work out the patterns and gain access to your other accounts.

    Don’t complicate it. Use a password manager. I know none of my passwords and that’s how it should be.

    • DNOS@lemmy.ml
      5 months ago

      I guess we already have a couple of his passwords … Good job, man. Sorry, what’s your name?

    • patatahooligan@lemmy.world
      5 months ago

      For someone to work it out, they would have to be targeting you specifically. I would imagine that is not as common as, e.g., using a database of leaked passwords to automatically try as many username-password combinations as possible. I don’t think it’s a great pattern either, but it’s probably better than what most people would do to get easy-to-remember passwords. If you string it with other patterns that are easy for you to memorize you could get a password that is decently safe in total.

      > Don’t complicate it. Use a password manager. I know none of my passwords and that’s how it should be.

      A password manager isn’t really any less complicated. You’ve just out-sourced the complexity to someone else. How have you actually vetted your password manager and what’s your backup plan for when they fuck up?

        • patatahooligan@lemmy.world
          5 months ago

          So no vetting at all presumably since you didn’t mention it? So how do you know that Dashlane is safer than a password scheme that might be guessed by someone after they’ve already compromised a couple of your passwords?

          • dependencyinjection
            5 months ago

            Dashlane is pretty big and I’ve not seen any negative reports from security researchers. They offer bug bounties for people that do find vulnerabilities etc.

            I believe the consensus is that password managers are better than any human password scheme. I could host my own manager but then there are more vectors for an attack, and why reinvent the wheel.