Ask HN: secure password creation
I'm trying to select a personal password policy that will actually be memorable and strong. If any security experts could weigh in, I'd really appreciate it.
My plan is to use a eleven character password - it's made of upper and lowercase letters, numbers, and special characters, no dictionary words or repeated characters, and the final character is changed depending on the site.
This password would be used repeatedly, except for the final character, which would be variable.
Would this be secure?
Instead of doing something like this, why not give Password Gorilla ( https://github.com/zdia/gorilla/wiki ) a try? It will let you create completely random unique passwords for each site instead of having one fixed component (which if it ever gets out allows someone to quite easily guess the remaining passwords).
Plus if you use multiple computers, it will let you keep your passwords file synchronized between the multiple computers.
IANASE, but it feels pretty secure to me.
Me, I rely on my growing up in the Swiss-German speaking part of Switzerland. Swiss-German is not a written language, so basically any way you could write your (region- and dialect-specific) password variant means there's no dictionary attack available :D