Tanstaafl wrote:
> On 2012-01-11 11:36 AM, Michael Mol <mike...@gmail.com> wrote:
>> Most of my passwords are some hash[1] of a common passcode[2] and some
>> site-specific or service-specific mnemonic. I imagine this would work
>> similarly, using the absolute URL in place of a mnemonic.
>>
>> The downside would be if the server changed its URL rewriting scheme.
>> From their perspective, they didn't break anything as long as things
>> 301 redirect to where they should. But it does break things that make
>> assumptions about absolute URLs. (I've seen that break StumbleUpon
>> thumbs-up counts, for example.)
> 
> This is not a problem with Passwordmaker as long as you use a custom
> account, because all you have to do if the URL changes is add/edit the
> URL pattern (used to detect the account/page). The 'text' used for
> *calculating* the password wouldn't change then.
> 
>> [1] The hash algorithm is something I can easily do in my head, not
>> some massive, crypto-secure, heavily-mathematical thing.
> 
> I do something similar with Passwordmaker... I have a specific way I
> 'modify' the password (add a few specific characters at certain places
> in the password) before logging in, but I only do this with critical
> sites/passwords.
> 
>> [2] I change the passcode I use for new passwords every several
>> months, but I can usually guess which one I used for any given site
>> within three tries. It works out, and is a nice in-head way to have a
>> different password for every site.
> 
> I almost never change my passwords, unless there is a good reason to.
> With a strong password, it simply isn't necessary. But if you need to,
> it is dead easy in Passwordmaker - just add a '1' to the modifier field
> for that account, then start incrementing it whenever you change it.

Pretty sure I understand the thing.

The biggest driver for me to change my passcode is leaks...whether it's
something like Sony's PlayStation Network leak, or whether I typed
something into the wrong terminal, or whether something stole focus at
the wrong moment. Critical sites get their password changed first, on
the off chance someone knows enough about me to guess my username,
mnemonic and hash. Less critical sites follow.

Actually happened Sunday morning. Typed a password into the wrong
window, and now I've got a new passcode.
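
The scheme discussed in this thread, as an added sketch that is not part of either poster's message and is not PasswordMaker's own algorithm: the URL pattern only locates the account, while a fixed text plus a modifier counter feeds the derivation. PBKDF2-HMAC-SHA256 is a swapped-in derivation, and `Account`, `find_account` and `derive_password` are hypothetical names.

```python
import base64
import fnmatch
import hashlib
from dataclasses import dataclass


@dataclass
class Account:
    url_patterns: list   # used only to detect which account a page belongs to
    text: str            # fixed text used for calculating the password
    modifier: str = ""   # set to "1", "2", ... to rotate the password


def find_account(accounts, url):
    """Return the first account whose URL pattern matches, else None."""
    for acct in accounts:
        if any(fnmatch.fnmatchcase(url, p) for p in acct.url_patterns):
            return acct
    return None


def derive_password(master, acct, length=16):
    """Derive a site password from the master passcode, text and modifier.

    The URL patterns are deliberately not an input, so a site that moves
    its login page does not change the derived password.
    """
    salt = (acct.text + "\x00" + acct.modifier).encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 200_000)
    return base64.b85encode(raw).decode()[:length]


if __name__ == "__main__":
    # Constructed sample data; the master passcode and URLs are made up.
    shop = Account(["https://shop.example/login*"], text="shop.example")
    master = "constructed master passcode"
    before = derive_password(master, shop)

    # The site changes its URL scheme: add a pattern, password is unchanged.
    shop.url_patterns.append("https://accounts.shop.example/*")
    moved = find_account([shop], "https://accounts.shop.example/signin")
    print(derive_password(master, moved) == before)   # same password

    # After a leak of this one password: bump the modifier to rotate it.
    shop.modifier = "1"
    print(derive_password(master, shop) != before)    # new password
```

A leak of the master passcode itself, as in the wrong-window case above, still means rotating every derived password, because the passcode is an input to all of them.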
