• bloopernova@programming.dev
    link
    fedilink
    English
    arrow-up
    10
    ·
    1 year ago

    And that’s how you get rules put in place to not use a password that’s similar to your old passwords. (I don’t agree with such rules, just to be completely clear)

    If you are forced to use long passwords, use book titles, song titles, character names, album names, TV show names, etc etc.

    Examples: WutheringHeights$!5, ThePrisonerOfAzkaban:29, TheCountOfMonteChristo33&&

    Of course you can put the numbers and symbols anywhere, not just at the end.

    • PM_Your_Nudes_Please@lemmy.world
      link
      fedilink
      arrow-up
      30
      ·
      edit-2
      1 year ago

      If they’re able to determine that you’re using a similar password, it’s because they’re not hashing your passwords and are storing them as plaintext. You should run far far away from any site or service that is able to enforce similarity rules. Because when you properly hash a password, even a minor difference such as upper/lowercase will produce a wildly different result.

      • bloopernova@programming.dev
        link
        fedilink
        English
        arrow-up
        19
        ·
        1 year ago

        I’ve been wondering about that. I think they get around it by using the “enter your current password” prompt, so they potentially have it in cleartext for the duration of the session.

    • funkless_eck@sh.itjust.works
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      it’s better to use poems. I’ve done Hamlets 2b monologue, View From Westminster Bridge, Tell the Truth but Tell it Slanted, The Raven, Iago’s Many a duteous knave, Louis the Dauphin’s I am too high born to be propertied.

      Or really any poem you happen to have memorized.