[Discuss] Password app

[me at mattgillen.net (Matthew Gillen)]

On 10/10/2014 11:55 AM, Mike Small wrote:
> "Greg Rundlett (freephile)" <greg at freephile.com> writes:
>
>> I found a new password app that looks pretty interesting.  It generates
>> passwords based on a master key, and site name, so there is nothing to
>> "lose".  There are some cons,
>
> So the difference between this and a traditional password keeper is that
> if they can guess or acquire your master passphrase they don't also
> have to get access to the password database file on one of your devices
> (there being none) to have all your site passwords. How is this an
> improvement?

Because you don't have to keep a that "password database file" on 5 
different backup devices (and keep it updated on all your backup copies 
every time you add one).  It's certainly not a security improvement. 
It's a usability improvement at the expense of security.

There are a lot of sites that I would be more than willing to make that 
tradeoff for.  I don't care too much if someone spends a lot of effort 
guessing my dominos.com login.  So they can see what pizza I order, big 
deal (FWIW, I don't ever store cc details with on-line stores; I use 
one-time virtual numbers).

I wouldn't use such a password manager for things I care about securing 
(banks, cc, etc).

Interesting side note though: they'd also have to guess your username. 
If you used the same app with a different password to generate 
usernames, you could double the security ;-)

Matt