What method of storing my passwords should I use?
81%
If I use a password manager, will I judge it to have been the better choice in 3 years?
50%
If I use a password generator, will I judge it to have been the better choice in 3 years?
38%
If I use a password scheme, will I judge it to have been the better choice in 3 years?

A "password scheme" being a private algorithm I can do in my head that accepts a website's identity and outputs a string of characters to use as a password. This makes me immune to credential stuffing attacks while still being convenient to use and not requiring me to store my password anywhere it could be stolen.

The main downsides of a password manager are that it provides a single point of failure if it gets hacked or my master password stolen somehow, and it's annoying to use if I have to log in on a new device. It also risks locking me out of my accounts if my hard drive fails; I could of course back it up, but if I do so in the cloud that's another risk vector.

The downside of a password scheme is that I'm not aware of any proper hash function that I can do in my head, so while using a password scheme does make me immune to traditional credential stuffing attacks, an attacker who's targeting me personally and manages to get 2 or more of my passwords might be able to reverse engineer the scheme and break into all of my other accounts. Also, it'll be difficult to design a scheme that can handle password requirements and enforced changes. And it won't catch phishing attacks that rely on presenting me with a lookalike domain name, whereas a password manager (partially) would.

What I'm calling a "password generator" is a hybrid approach, like Spectre. Has the benefit of not having to actually store my passwords somewhere like a password manager does, but uses a real hash algorithm and so is secure against reverse engineering like a password scheme is weak to. The main downside of a password generator is it will be annoying to have to copy-paste the password over each time I want to use it.

Password schemes and generators are also both worse at handling password resets. I can easily generate a new password by appending "1", "2", etc. to the input, but then I have to remember what iteration I'm on when logging in. (It's not that annoying to try multiple, but it is a little annoying.)

All options other than the one I use resolve N/A; the last resolves YES/NO 5 years after my choice based on, roughly, whether I feel like I would have been significantly better off choosing another option.
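
To make the "password generator" approach and its reset counter concrete, here is an added sketch (not part of the original post, and not Spectre's actual algorithm): a stateless generator that stretches one master secret with scrypt and derives each site's password with HMAC-SHA256. The salt prefix, the character classes and the names `master_key` and `site_password` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import string

# Character classes; every output contains one of each to satisfy common rules.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#$%&*+-=?@"]
ALPHABET = "".join(CLASSES)

def master_key(user: str, master_password: str) -> bytes:
    """Stretch the one memorised secret; scrypt makes offline guessing costly."""
    salt = b"example-generator:" + user.encode()  # assumed salt format
    return hashlib.scrypt(master_password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def _stream(key: bytes, label: bytes):
    """Yield bytes from HMAC-SHA256 run in counter mode over `label`."""
    block = 0
    while True:
        yield from hmac.new(key, label + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1

def _pick(stream, n: int) -> int:
    """Rejection-sample an index in range(n) so there is no modulo bias."""
    limit = 256 - (256 % n)
    for b in stream:
        if b < limit:
            return b % n

def site_password(key: bytes, site: str, counter: int = 1, length: int = 16) -> str:
    """Derive the password for `site`; bump `counter` after a forced reset."""
    site = site.strip().lower()
    # Length-prefix the site name so (site, counter) pairs cannot collide.
    label = len(site).to_bytes(2, "big") + site.encode() + counter.to_bytes(4, "big")
    s = _stream(key, label)
    chars = [cls[_pick(s, len(cls))] for cls in CLASSES]  # one from each class
    chars += [ALPHABET[_pick(s, len(ALPHABET))] for _ in range(length - len(chars))]
    for i in range(len(chars) - 1, 0, -1):  # Fisher-Yates shuffle from the same stream
        j = _pick(s, i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)

if __name__ == "__main__":
    key = master_key("alice", "constructed master password")  # constructed sample input
    for c in (1, 2):
        print(c, site_password(key, "example.com", c))
```

Nothing is stored, so the counter is the only per-site state: after a reset, the password for counter 2 has no visible relation to the one for counter 1, and the current counter has to be remembered or retried.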
