And that's how you get rules put in place to not use a password that's similar to your old passwords. (I don't agree with such rules, just to be completely clear)

If you are forced to use long passwords, use book titles, song titles, character names, album names, TV show names, etc etc.

Examples: WutheringHeights$!5, ThePrisonerOfAzkaban:29, TheCountOfMonteChristo33&&

Of course you can put the numbers and symbols anywhere, not just at the end.

[–] PM_Your_Nudes_Please@lemmy.world 27 points 11 months ago* (last edited 11 months ago) (1 children)

If they’re able to determine that you’re using a similar password, it’s because they’re not hashing your passwords and are storing them as plaintext. You should run far far away from any site or service that is able to enforce similarity rules. Because when you properly hash a password, even a minor difference such as upper/lowercase will produce a wildly different result.

[–] bloopernova@programming.dev 18 points 11 months ago

I've been wondering about that. I think they get around it by using the "enter your current password" prompt, so they potentially have it in cleartext for the duration of the session.

[–] funkless_eck@sh.itjust.works 5 points 11 months ago

it's better to use poems. I've done Hamlets 2b monologue, View From Westminster Bridge, Tell the Truth but Tell it Slanted, The Raven, Iago's Many a duteous knave, Louis the Dauphin's I am too high born to be propertied.

Or really any poem you happen to have memorized.