Disclaimer: I use a password manager, so please don’t direct your comments at me.
So I know this person that says they don’t use a password manager because they have a better system like… I’m gonna give an example:
Lets say, a person loves Star Wars, and their favorite character is Yoda. The favorite Their favorite phrase is from The Good Place “This is the Bad Place!”. And their favorite date is 1969 July 20th (first landing on moon).
So here:
Star Wars Yoda = SWYd
“This is the Bad Place!” = ThIThBaPl!
1969 July 20 —> 69 07 20
So they have this “core” password = SWydThIThBaPl!690720
Then for each website, they add the website’s first and last 2 characters of the name to the front of the password…
So, “Lemmy Forum” = leum
Add this to the beginning of the “core” password it becomes:
leumSWydThIThBaPl!690720
For Protomail Email it’s: prilSWydThIThBaPl!690720
For Amazon Shopping it’s: amngSWydThIThBaPl!690720
Get the idea?
The person says that, since the beginning of the password is unique, its “unhackable”, and that the attacker would need like 3 samples of the password to figure out their system.
Is this person’s “password system” actually secure?
So no this is not safe. Once ypu have a system it is easier to crack because if someone has 2 or more of your passwords they can work out there is a system and it’d make it much easier to crack others if they’re determined.
It is unlikely that someone random would specifically target a person and systematically try and crack their passwords. If that were to happen it’d most likely he someone they know - and this does happen sometimes. So while the passwords are definitely flawed it may not be something that anyone takes the time to exploit. But you can never say never.
The best way to manage passwords probably remains a secure password manager and randomly generated series of characters for each site. If its truly random then there are no shortcuts and every single password stands independently. The password manager gets round the issue of memorising them.