• by kutenai on 1/26/2024, 5:26:46 PM

    I just memorize it. Write it on a small sticky and hide it somewhere for a period of time until the master is memorized, then destroy it.

    You could write it on that flame paper they use in spy novels. Now that would be cool also. Does Amazon carry that?

  • by roland35 on 1/26/2024, 2:11:50 PM

    I have a circle of password managers all storing each other's master password

  • by mortallywounded on 1/26/2024, 12:28:21 PM

    I'm not really sure what it's called, but mine is based on a sentence I have memorized combined with some fixed symbols. I basically take the first letter of each word and keep capitalization and symbols.

    For example, if the sentence I memorized is, "I dreamt I was a butterfly! What a wonderful sight it was." my password would be: IdIwab!Wawsiw.

  • by acheong08 on 1/26/2024, 1:08:43 PM

    I’ll be changing my password after this comment but here’s how I did mine:

    <nickname unused since 12 years ago><phone number that no longer exists><another phone number but with shift keys><random http status code>

  • by vipa123 on 1/26/2024, 5:29:09 PM

    For some password hardening I take a short random password I already have memorized like abc1oktt and then use my own phonetic change... For example, That one becomes ehbesee1ohcayteaTea... For my master password I take three different of these and just concatenate them together to make a nice long passphrase... Not for everyone, I'm sure. But for me it essentially reinforces and reuses passwords I've known for 25 years... I also convert numbers like SSN or phone with a similar poor cipher... Nein,Ate,Sefen etc..

  • by Zetobal on 1/26/2024, 2:40:26 PM

    My favorite band has really long song titles so it's rotating between song names with some added numbers.

    My last one was "The One Armed Boxer vs. the Flying Guillotine.1234". Numbers changed ofc ;)

  • by zwayhowder on 1/26/2024, 4:55:23 AM

    I use Diceware. 6 random words with alphanumeric padding. So basically the XKCD, but something like:

    correct_2_horse_2_battery_2_staple. In my experience it doesn't take long to memorise the words.

    I have two passwords I know off by heart, my password manager and my gmail (just in case). I also capitalise a certain letter in each word, but that pattern is in my head only.

    I am of course lazy, so I use biometrics on my phone/tablet/laptop to minimise the need for entering my password. But I wouldn't if I still worked in a high risk industry.

  • by wruza on 1/26/2024, 3:26:50 PM

    There's an ancient trick to memorize your complex password: enter it twice a day for a week or so.

  • by account-5 on 1/26/2024, 9:39:48 PM

    I don't know the master password for my password manager. I remember the way I type it on the keyboard. Disadvantage being I really need to be in front of a standard keyboard to open the vault.

    I also use a keyfile too for added security.

  • by ssss11 on 1/26/2024, 7:14:27 AM

    Multiple words strung together that are important to you…

  • by Erratic6576 on 1/26/2024, 1:23:43 PM

    Song verses are easy to memorise and quite long to type

  • by blinded on 1/26/2024, 5:59:16 AM

    I just memorize the 20 char random strings.

  • by patatino on 1/27/2024, 7:15:35 AM

    Printed emergency kit from 1Password in a bank safe so my wife can access everything if I die.

  • by embeng4096 on 1/26/2024, 11:03:09 PM

    It usually shows up as stars so I don't need to worry about other people seeing it, see: hunter2

    Jokes aside, I memorize my password manager's master password, and have it written down in a notebook but in a different glyph set (Idk the scientific name). It's not ciphered or anything so can be decoded, but the chances of somebody recognizing Elian script are fairly low, I think, and recognizing something like Royal House of Riftgard script even lower. And if you use something like Elian script it can be obfuscated further by stylistic alterations. That, combined with a rotating cipher, even something like rot13, is probably enough to defeat all but the most determined attackers, in which case I'll have bigger things to worry about, like the XKCD wrench (https://xkcd.com/538/)

  • by millzlane on 1/26/2024, 1:55:24 PM

    supersecure password X 2

    s0 S2oMeThIng Tha! uses words with r@ndom CaPs spaces 123456789s and Spec!@l ch@racters=-!s0 S2oMeThIng Tha! uses words with r@ndom CaPs spaces 123456789s and Spec!@l ch@racters=-!

  • by ElevenLathe on 1/26/2024, 12:48:39 PM

    Keep it on a piece of paper somewhere safe.

  • by yoyopa on 1/26/2024, 4:55:57 AM

    Passw0rd!@#$!@#$!@#$!@#$

  • by LabMechanic on 1/26/2024, 9:50:29 PM

    I have three options for you, along with my two cents on each:

    1) *Bitwarden:*

    I am no longer using Bitwarden since they can delete your account at any time for any reason[5].

    2) *KeePassXC:*

    For KeePassXC, you need to store your "Passwords.kdbx" (~16 kB) database file somewhere and remember a master password.

    3) *Spectre (https://spectre.app/):*

    I haven't tried it yet; however, Spectre calculates your password each time you need it. All you need is a name (e.g., your full name), your master password (see Diceware[1]), and the site name, from which Spectre algorithmically calculates your password. If you need to change a site's password, iterate the counter and calculate a new password.

    It works offline and is open source. Here's a web app version that runs locally:

    [Spectre Web App](https://spectre.pw/)

    *Bonus: One-Time Pad + (Layman-ish) Physics:*

    There are plenty of reasons to be paranoid[2]:

      - Firmware-wise (e.g., Intel Management Engine, Coreboot, Libreboot, system on a chip)
      - Hardware-wise (i.e., Von Neumann architecture - Code + Data)
      - Operating System-wise
        (e.g., 0-click exploits, remote code execution to manipulate the CPU's instruction pointer,
         stack overflow, Pegasus)
      - Facility-wise (e.g., electromagnetic waves, cell towers, Faraday cloth)
      - You (making mistakes)
    
    Given the above, I would first base everything on "true"[A] randomness (see random.org or roll casino-grade dice). "True" randomness is essentially: "every outcome has the same probability." As long as backward time traveling remains impossible, I would abstain from computers and simply follow the One-Time Pad protocol with a pen and paper, among other things.

      Message: Hello -> ASCII -> Binary
    
      Key: 5EYES (keep this private, must be random)
    
      Cipher: <Message in binary format> XOR <Key in binary format> -> convert back to ASCII
    
    The above is just one (i.e., XOR) out of many ways to follow the one-time pad protocol. For 128 characters, you need a random number from 0 to 127. However, you need to ensure that each number has the same probability to show up. Perhaps there is a way to encode or "rename" the numbers from 0 to 127 with a string of digits 1, 2, 3, 4, 5, 6 so that you can roll a die multiple times in a row to randomly get a number between 0 and 127 (see Diceware[1]). One-time pad might be good to encrypt your master password.

    *References:*

      1. Diceware, [Wikipedia](https://en.wikipedia.org/wiki/Diceware)
      2. CS155 - Computer and Network Security, [Stanford](https://crypto.stanford.edu/cs155old/cs155-spring18/syllabus.html)
      3. One-time pad, [Wikipedia](https://en.wikipedia.org/wiki/One-time_pad)
      4. Animated Explanation of the one-time pad, https://www.youtube.com/watch?v=QVV_bUxxiZ8
      5. https://tosdr.org/en/service/1348
    
    *Notes:*

      A) If you assume determinism (because our current "collective bias" leads us that way),
         then the quote marks are okay; if not, then not.
    
      Personally, everything seems to be based on assumptions or beliefs anyway (your existence, math, ...),
      so I go by "ignorance is bliss."
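
Added example, not part of the thread or of any commenter's post: the pen-and-paper one-time pad from the last comment, with its open question (how to turn die rolls into an equally likely number from 0 to 127) handled by rejection sampling. `secrets` stands in for physical dice, and every function name here is an assumption made for the illustration.

```python
import secrets

def roll_die():
    """Stand-in for one physical roll of a fair die (assumption)."""
    return secrets.randbelow(6) + 1

def rolls_to_value(rolls):
    """Read faces 1..6 as base-6 digits: 3 rolls -> 0..215, 5 rolls -> 0..7775."""
    value = 0
    for face in rolls:
        if face not in range(1, 7):
            raise ValueError("die faces are 1..6")
        value = value * 6 + (face - 1)
    return value

def uniform_0_127(three_rolls):
    """Return 0..127, or None when the triple must be discarded and re-rolled.

    216 outcomes do not divide evenly into 128 values, so `value % 128`
    would make 0..87 twice as likely as 88..127. Rejecting 128..215 leaves
    every accepted value with exactly one triple.
    """
    if len(three_rolls) != 3:
        raise ValueError("exactly three rolls per pad character")
    value = rolls_to_value(three_rolls)
    return value if value < 128 else None

def pad_from_dice(length, roll=roll_die):
    """Build a pad of `length` values, re-rolling rejected triples."""
    pad = []
    while len(pad) < length:
        value = uniform_0_127([roll() for _ in range(3)])
        if value is not None:
            pad.append(value)
    return bytes(pad)

def otp_xor(data, pad):
    """XOR is its own inverse, so this both encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, pad))

if __name__ == "__main__":
    # "Hello" and "5EYES" are the comment's sample values; a real pad comes from dice.
    cipher = otp_xor(b"Hello", b"5EYES")
    print(cipher, otp_xor(cipher, b"5EYES"))
    print(otp_xor(b"Hello", pad_from_dice(5)).hex())
```

Diceware reads five rolls the same way to index its 7,776-word list, so it needs no rejection step. The pad has to be at least as long as the message and used only once.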