• patatahooligan@lemmy.world
    link
    fedilink
    arrow-up
    5
    arrow-down
    1
    ·
    4 months ago

    For someone to work it out, they would have to be targeting you specifically. I would imagine that is not as common as, eg, using a database of leaked passwords to automatically try as many username-password combinations as possible. I don’t think it’s a great pattern either, but it’s probably better than what most people would do to get easy-to-remember passwords. If you string it with other patterns that are easy for you to memorize you could get a password that is decently safe in total.

    Don’t complicate it. Use a password manager. I know none of my passwords and that’s how it should be.

    A password manager isn’t really any less complicated. You’ve just out-sourced the complexity to someone else. How have you actually vetted your password manager and what’s your backup plan for when they fuck up?

      • patatahooligan@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        4 months ago

        So no vetting at all presumably since you didn’t mention it? So how do you know that Dashlane is safer than a password scheme that might be guessed by someone after they’ve already compromised a couple of your passwords?

        • dependencyinjection@discuss.tchncs.de
          link
          fedilink
          arrow-up
          1
          ·
          4 months ago

          Dashlane is pretty big and I’ve not seen any negative reports from security researchers. They offer bug bounties for people that do find vulnerabilities etc.

          I believe the consensus is that password managers are better than any human password scheme. I could host my own manager but then there are more vectors for an attack, and why reinvent the wheel.