With the recent post about getting hacked, I was wondering how everyone on HN manages their passwords. I searched HN history and there have been a few threads on this topic, but with very few comments.

It seems that one of these types of post surfaces every month or so, reminding us of the dangers and security issues surrounding passwords/backups/dependence on cloud sites and what happens when things go wrong.

The classic tradeoff with passwords is one between security and convenience. I used to use a password manager briefly, but it was too inconvenient (mobile access + access on other computers).

Who uses a password manager? If you don't use a password manager, how many passwords do you keep? Does anyone use a scheme for keeping passwords? For example, given the website, you can figure out what your password is based on some rule.

I'm thinking of switching to that last one. Are there any strong reasons not to, or better ways to keep passwords if I don't want to use a password manager?
I've recently moved to using 1Password (prior to that, LastPass). I was skeptical at first, but have grown to embrace 1Password more and more and find myself annoyed when sites will not allow my standard, 1Password-generated passwords (50 characters).

That said, two factor for anything of critical importance (in my case, Gmail and work email).
Use two factor where possible, but for the password, here's an easy format that I use to generate a strong and (somewhat) unique password per site:

1. Choose your passphrase, something like "I like long walks on the beach after seven"

2. Take the first letters to give you something like this: iLLwotBa7

3. Throw a symbol on the end: iLLwotBa7?

4. Append a 3-letter site name acronym in a similar way to the phrase (I use 3 for consistency): iLLwotBa7?hkn

5. Throw on another symbol: iLLwotBa7?hkn!

That's what I do, so I only have to remember the 3 letters for each site. Here are some more: Reddit - rdt, Gmail - gml, etc.
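As an added example (not code from the thread), here is the same idea of a per-site rule, reworked so the site-specific part is a keyed derivation (PBKDF2-HMAC-SHA256) instead of a three-letter acronym: a password leaked from one site then reveals neither the passphrase nor any other site's password, and a per-site `generation` counter lets one password be rotated without touching the rest. The iteration count, character classes and the `generation` parameter are my assumptions.

```python
import hashlib

# Assumed work factor for PBKDF2; raise it as hardware gets faster.
ITERATIONS = 200_000

# Character classes most site policies ask for; the first four output
# positions each draw from one class so the result always passes an
# "upper, lower, digit, symbol" check.
CLASSES = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ", "abcdefghijklmnopqrstuvwxyz",
           "0123456789", "!?@#%&")
ALPHABET = "".join(CLASSES)


def site_password(passphrase: str, site: str, generation: int = 1,
                  length: int = 20) -> str:
    """Deterministically derive a password for `site` from `passphrase`.

    Bump `generation` when a site forces a password change; the acronym
    scheme cannot express that without changing every password.
    """
    if length < len(CLASSES):
        raise ValueError("length must allow one char per required class")
    # Normalise the site label so "Reddit " and "reddit" agree, then bind
    # the generation into the salt so rotated passwords are unrelated.
    salt = f"{site.strip().lower()}:{generation}".encode("utf-8")
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                              salt, ITERATIONS, dklen=length)
    out = []
    for i, byte in enumerate(key):
        pool = CLASSES[i] if i < len(CLASSES) else ALPHABET
        # One key byte per character; `byte % len(pool)` has a small
        # modulo bias, acceptable for an illustration of the technique.
        out.append(pool[byte % len(pool)])
    return "".join(out)


if __name__ == "__main__":
    master = "I like long walks on the beach after seven"  # constructed
    for site in ("reddit", "gmail"):
        print(site, site_password(master, site))
```

Unlike the acronym suffix, two derived passwords share no visible substring, so nothing about the passphrase can be read off a leaked one.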
I use hard copy and do not carry them with me. For most non-critical sites I use a simple algorithm to get the password on the fly. For sites that support OpenID, I use 2 factor auth enabled, two factor I have created.