Construct a strong, (almost) unique password?

Question

After reading Why use random characters in passwords? it seems to me that one can solve the problem of how to remember a zillion passwords while each one remains secure by constructing each password from a high entropy root modified by the name or other information from the site or app being logged into.

For example, suppose for exposition my root is '1234567890abcdef'. If I am logging into facebook.com I might intersperse the first four letters of the domain after the 2nd, 4th, 6th, and 8th characters, producing '12f34a56c78e90abcdef' as my password.

If I choose a high entropy root then it seems to me like I will have a strong, almost unique password for each site that I can construct quickly when needed (almost because some sites share their first four letters). No password manager needed. No worries about hacks from a revealed password, only the question of how to modify this method when the constructed password cannot be used for any reason, such as a requirement to change passwords.

Am I missing something?

Answer 1

You are missing quite a bit.

First, you need to rotate passwords from time to time. That leads to exceptions in your rules after some time. You will end up with unchanged passwords for sites where they don't expire, sites with a 3rd version because the passwords expire after 90 days, sites where they expire twice an year, and so on. Sometimes you will forget the password, and the site will not accept the previous one. You will have to keep track of the password count.

Some sites require special chars, some don't allow special chars. Some need a password at least 8 digits, others require passwords 8 digits or less. There's no way to accommodate every site in a single rule.

No worries about hacks from a revealed password

No, you have to worry a lot. When that happens, all your passwords are at risk. If I see 12f34a56c78e90abcdef, I can tell your GMail password is 12g34m56a78i90abcdef. Someone targeting your accounts will have an easy task deducing your other passwords by trying to login on interesting sites with your scheme in mind.

Now if your password leaks and it's 4+YIhLy4lBFXOmCYhbELxnABr/UAbjmK (generated by using dd if=/dev/urandom bs=64 count=1 | base64 -w0 | cut -b1-32), it shows 2 things: you use secure passwords, and you use different passwords because nobody will memorize that string.

The issue I consider the most significant is the mental load required to manage this scheme. You may find it small at first, but when you have 100+ services with dozens of exceptions, it's tempting to just fall back to the default behavior and reuse passwords.

Using a password manager reduces this load considerably. You can have a master passphrase with 10 words, and use it once a day. And have a 6-digit PIN to unlock the password manager that you will use several times a day.

Using a password manager have risks, sure, but I consider those risks way more manageable and bearable than not using a password manager. Remember the AviD's Rule of Usability:

"Security at the expense of usability, comes at the expense of security."

So if your password management solution is secure but not usable, it won't be used.

Answer 2

When it comes to security, the rule is do not roll your own. Entropy evaluation, bias identification, and side channel attacks prevention are very complex things.

If you want good random passwords, just use a good password manager like keypass. Let it provide random passwords and store them in it. You will get fully unrelated passwords for all the sites or application that you use, and will have only to remember one single master password.