[Discuss] Password app
Matthew Gillen
me at mattgillen.net
Fri Oct 10 12:38:32 EDT 2014
On 10/10/2014 11:55 AM, Mike Small wrote:
> "Greg Rundlett (freephile)" <greg at freephile.com> writes:
>
>> I found a new password app that looks pretty interesting. It generates
>> passwords based on a master key, and site name, so there is nothing to
>> "lose". There are some cons,
>
> So the difference between this and a traditional password keeper is that
> if they can guess or acquire your master passphrase they don't also
> have to get access to the password database file on one of your devices
> (there being none) to have all your site passwords. How is this an
> improvement?
Because you don't have to keep a that "password database file" on 5
different backup devices (and keep it updated on all your backup copies
every time you add one). It's certainly not a security improvement.
It's a usability improvement at the expense of security.
There are a lot of sites that I would be more than willing to make that
tradeoff for. I don't care too much if someone spends a lot of effort
guessing my dominos.com login. So they can see what pizza I order, big
deal (FWIW, I don't ever store cc details with on-line stores; I use
one-time virtual numbers).
I wouldn't use such a password manager for things I care about securing
(banks, cc, etc).
Interesting side note though: they'd also have to guess your username.
If you used the same app with a different password to generate
usernames, you could double the security ;-)
Matt
More information about the Discuss
mailing list