
This doesn't address the key issue of how many "in head" horcruxes you want to have. Is it one and the same for all passwords? Then two broken passwords reveal it (if someone's clever maybe even 1, not sure here). If it's different for different passwords, you now need to memorize (or store elsewhere) a list of many, many such horcruxes. Not 7... but maybe 100 or 200 to be practical for a heavy user of internet apps. Which basically means you need 2 password managers.

So where do I store the 100 horcruxes? What's your take on this?



A 2nd password manager for the 2nd part of the password breaks maybe the key advantage of this mechanism by putting the "something you know" into a decryptable-by-design storage space that is most likely duplicated in the cloud.


I have about 400 DPG passwords all stored in my head.

https://github.com/62726164/dpg


Now teach my grandma to do that.

Experts can go buy YubiKeys and achieve far greater security for less work. Everything else needs to work for the masses.


Deterministic password generator? You mean like https://pwdhash.github.io/website/ ? Might be worth spelling out the differences for those of us lacking expertise in computer security matters.


You can store them on a keyring or in a wallet.



