
I never use password managers. The reason is simple: I don't want to rely on other software. If I had to remember 20 passwords I would, and in fact I do carry around 10 different passwords in my head constantly.

I trust my own brain rather more. And if my brain is compromised, what else can you do with all the security we have on our desktop?



Password reuse is a bigger threat than password manager failure.

The old-school method is to use a GPG-encrypted flatfile with your passwords in it.

I generate unique, long, passwords for each site I visit. There are _very_ few of these I can remember. I'll run:

   gpg -d passwords.asc | grep siteurl
... (in a terminal) and enter my passphrase. There are other tools which can manage keychains and such, but this is simple, easy, reliable, and portable.


Because

1) Over the years it ends up being much more than 20 passwords. Bank accounts, credit cards, stock trading accounts, web servers, email accounts, IRA accounts, bitcoin passwords/keys, all kinds of work passwords, evernote, etc. I have more than 50 records in KeePass.

2) If you want secure passwords, they must be long (20 characters minimum) and random. Remembering something like that is nearly impossible for me. Once I started using KeePass, I feel way more secure than with my older scheme.


The issue is not about remembering passwords or how difficult the password is to guess; it's how responsible one is as a user.

Don't sign up hundreds of accounts. I only have one bank so that's just one password.

Relying on other software to take care of security like this is not a good solution to me.



