Update: Thanks to an HN commenter, this exists! I should note, however, that it's much more secure to leave the SHA-1 hashing to the app but do your formula editing in your head, where hackers can't get to (yet).
Update: Here's how to do it from a Unix command line: echo -n twitter.com0 | sha1sum | awk '{print substr($1, 1, 10)}'
This works on a Mac (newer versions of openssl prefix the output with "(stdin)=", so take the last field rather than the first): echo -n twitter.com0 | /usr/bin/openssl sha1 | awk '{print substr($NF, 1, 10)}'
- Memorize a formula to change any string, like "add a zero at the end"
- Apply the formula to the site, e.g. "twitter.com0"
- The first 10 characters of the returned SHA-1 hash are your password.
Memorizing a password for each website is optimal for security but totally unrealistic. Password managers exist, but they require trusting a third party and still hinge on a single password for all logins.
Don't memorize many passwords, memorize one formula. The formula describes how to manipulate the host site's name.
We could say our pattern is just to add a zero at the end.
So twitter.com becomes twitter.com0 and gmail.com becomes gmail.com0.
Stopping here might be risky. If someone gets one of these passwords, they might easily catch on to what you're doing for all of them.
The next step is to generate a SHA-1 hash from the string. This sounds crazy technical, but it's as simple as pasting the string into a text box and hitting enter. Free SHA-1 hash generators are all over the place. Find one with Google, but use it offline.
Pasting twitter.com0 into http://www.sha1-online.com/ (preferably, you'd use an offline tool) we get
f715207db8542d08c6106d9ce67cf2cac3086d34
Take the first 10 characters of that (f715207db8), and there is your password.
Of course, simply appending a 0 to the end of the url probably isn't a strong enough pattern. You may want to enter bits of your birthday, social security number, address of your first home, etc.
One way you might do this (which takes a lot more brainpower) is as follows:
- Take the first letter of the url: "f" from facebook.com, "y" from yahoo.com
- Find the next letter in the alphabet, in this case "g" and "z"
- Recall the NATO phonetic alphabet name for it (you know, alpha, bravo, charlie... in this case "Golf" and "Zulu")
- Use the second letter of that word ("o" from Golf, "u" from Zulu)
- Insert that at the end: facebook.como, yahoo.comu
- Add 9 as the second character: f9acebook.como, y9ahoo.comu
- Generate the hash:
12f3b803ec4c5f816e7107835759ab3667d42e4b
8d9571a7ce6e1db79eff1535a81de5ab0fa3d484
- Trim to 10 characters and capitalize the first letter to appear: 12F3b803ec, 8D9571a7ce
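The two formulas above as an added Python example (my code, not the post's): it applies the "add a zero" rule and the NATO-letter rule, hashes with SHA-1, and trims to 10 characters. The post does not say what follows "z", so wrapping around to "a" is my assumption.

```python
import hashlib
import string

# Added example, not from the original post. Note the security-relevant point
# from the post: SHA-1 adds no secret of its own, so whoever learns the formula
# can regenerate every password from the public site name.

NATO = {
    "a": "Alpha", "b": "Bravo", "c": "Charlie", "d": "Delta", "e": "Echo",
    "f": "Foxtrot", "g": "Golf", "h": "Hotel", "i": "India", "j": "Juliett",
    "k": "Kilo", "l": "Lima", "m": "Mike", "n": "November", "o": "Oscar",
    "p": "Papa", "q": "Quebec", "r": "Romeo", "s": "Sierra", "t": "Tango",
    "u": "Uniform", "v": "Victor", "w": "Whiskey", "x": "Xray", "y": "Yankee",
    "z": "Zulu",
}

def simple_formula(host: str) -> str:
    """First formula from the post: append a zero (twitter.com -> twitter.com0)."""
    return host + "0"

def nato_formula(host: str) -> str:
    """Second formula from the post: facebook.com -> f9acebook.como."""
    first = host[0].lower()
    if first not in string.ascii_lowercase:
        raise ValueError("formula needs a host that starts with a letter")
    # next letter in the alphabet; wrapping z -> a is an assumption of mine
    nxt = string.ascii_lowercase[(string.ascii_lowercase.index(first) + 1) % 26]
    suffix = NATO[nxt][1].lower()  # second letter of the NATO word
    return host[0] + "9" + host[1:] + suffix  # 9 goes in second position

def capitalize_first_letter(text: str) -> str:
    """Upper-case the first alphabetic character (12f3b803ec -> 12F3b803ec)."""
    for i, ch in enumerate(text):
        if ch.isalpha():
            return text[:i] + ch.upper() + text[i + 1:]
    return text

def derive(host: str, formula, length: int = 10, capitalize: bool = False) -> str:
    """Apply the formula, SHA-1 the result, keep the first `length` hex chars."""
    digest = hashlib.sha1(formula(host).encode("utf-8")).hexdigest()
    password = digest[:length]
    return capitalize_first_letter(password) if capitalize else password

if __name__ == "__main__":
    print(derive("twitter.com", simple_formula))
    print(derive("facebook.com", nato_formula, capitalize=True))
```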
Doesn't this mean that you need to have the code that scrambles the site name and then SHAs it for you to hand whenever you need your password though? Then you have the issue of how to get this onto every device you use without making it available to h4x0rz, no? Am I missing something? :)