On 2012-01-11 11:36 AM, Michael Mol <mike...@gmail.com> wrote:
Most of my passwords are some hash[1] of a common passcode[2] and some
site-specific or service-specific mnemonic. I imagine this would work
similarly, using the absolute URL in place of a mnemonic.
The downside would be if the server changed its URL rewriting scheme.
- From their perspective, they didn't break anything as long as things
301 redirect to where they should. But it does break things that make
assumptions about absolute URLs. (I've seen that break StumbleUpon
thump-up counts, for example.)
This is not a problem with Passwordmaker as long as you use a custom
account, because all you hev to do if the URL changes is add/edit the
URL pattern (used to detect the account/page). The 'text' used for
*calculating* the password wouldn't change then.
[1] The hash algorithm is something I can easily do in my head, not
some massive, crypto-secure, heavily-mathematical thing.
I do something similar with Passwordmaker... I have a specific way I
'modify' the password (add a few specific characters at certain places
in the password) before logging in, but I only do this with critical
sites/passwords.
[2] I change the passcode I use for new passwords every several
months, but I can usually guess which one I used for any given site
within three tries. It works out, and is a nice in-head way to have a
different password for every site.
I almost never change my passwords, unless there is a good reason to.
With a strong password, it simply isn't necessary. But if you need to,
it is dead easy in Passwordmaker - just add a '1' to the modifier field
for that account, then start incrementing it whenever you change it.
