andrewfong | 2 years ago

I tried that but it's just really hard to keep up over time -- e.g. I used a rule based on the domain name but domain names change somewhat often. Toss in things like "ugh, which of my three emails did I use on this site" or "which high school teacher did I say was my favorite for this site" and it ends up being a big hairy mess that screams for an encrypted place to stick my notes.

Also, what I consider "non obvious" isn't that non-obvious. Given enough of a sample size, a committed attacker can guess a lot of rules. And if the prize (a crypto wallet) is big enough, they might be motivated enough to give it a go.

benhurmarcel|2 years ago

Also when there's a breach and you need to change your password, you have to make an exception to your rule. And remember it for that specific site.

jongjong|2 years ago

If the domain name, company name or whatever changes, you can change your password too. Also, it doesn't have to be domain names though.