Hi Peter !

How hard is it to get the O1 visa for young PhD graduates ? If I am correct, the O1 visa doesn't not permitted the spouse to work in the US. What would be the solution for the spouse to follow and work ?

Thank you,

I used a small script to generate my passwords : I choose a simple password, I append the domain and I hash the string. I take the first 15 characters of the hash as a password. I find it quite convenient and easy to remember !

sha256("password"+domain)

This seems like one of the simpler solutions on here, what's your process of dealing with sites that require special characters etc?

I add a special character at the end when it's needed

This works, but doesn't scale.

The problem is, the login form doesn't remind that a) a special character was required and b) what characters that particular site thinks are "special".

FWIW, it's really rare for a mixed-case alphanumeric password to be rejected. Typically it's only banks and corporate logins. Those are sufficiently special-case to make an exception.

Downvoted! :) Amusing for actual lived experience to be denied!

(Data: I have 72 logins currently cached in Firefox. Every single one of those sites accepts 10-character mixed case alphanumeric passwords with no extra special character requirements. About once a year I come across a site that needs one.)

I've checked my password manager and I think your stats roughly match what I see - about 1 in 100 sites seem to have smartass requirements to passwords, others (correctly) don't care.

Still, I'd say it's inconvenient to have "special cases" to remember about. Even if they're something important, like banking.

---

Someone had mistaken downvote with "I disagree" rather than "unhelpful". Upvoted you, as I think your comment was helpful and contributed to the discussion.

But this is going off-topic (and discussing votes is something we should refrain from)

You may want to have a look at MemPa (also commented above) [1]. Please LMK what do you think, info in my profile.

[1] https://hackernoon.com/mempa-a-modern-deterministic-password...

So... your passwords are 15 characters of the combination 0-9, a-f?

Yes. But I do add a special characeter and/or a maj at a certain place when it is needed

Smart of you to use a throwaway account :)

Why not use base64 instead? 64 random characters are much better than 16.

    $ perl -e 'use Digest::SHA "sha256_base64"; print sha256_base64("master_password mail.google.com"), "\n";'
    g/sOxZfr2DFE12r8Gs/D0bhwat5kku41L+kFmuCCQOo

That's what I ended up for MemPa (described above). The idea is that I can't read binary sha256 output, and everything I know that can translate in hex can also translate in base64 leading to shorter secrets.

For the special chars, I chose the Safari way of encoding, i.e. I only extract alpha-numberics from base64, and add a "-" every 3 chars. This also improves readability. I assume that if Apple chose this way of doing, either they studied it and/or sites will conform to that.

Sorry for the fake news... I did do my due diligence and checked the story. I'll be more careful before submiting soemthing to HN.

It's not "fake news", it's just a garbage article where the author didn't do any research (or they did, and the author knows exactly what they are doing).

Not necessarily your fault, and I'm personally glad you did submit it as whatever the creators of the new "S2X" are doing to get it in the media, it's working, and the more we can point out how terrible it looks, hopefully we can limit the damage.