
Re: [OT] Master Password (was: dropbox security situation)



On Sat 14 Dec 2019 at 19:09:44 +0100, l0f4r0@tuta.io wrote:

> Hi,
> 
> 13 Dec 2019 at 00:29, from ad44@cityscape.co.uk:
> 
> > On Thu 12 Dec 2019 at 21:13:06 +0100, l0f4r0@tuta.io wrote:
> >
> >> 10 Dec 2019 at 23:11, from ad44@cityscape.co.uk:
> >>
> >> > On Tue 10 Dec 2019 at 22:34:07 +0100, l0f4r0@tuta.io wrote:
> >> >
> >> >
> >> I've read the documentation. User needs to remember all of
> >> this:
> >>
> >
> > > user-name
> >
> > Real name actually. If you do not know your name you have problems. :)
> > Can be set in ~/.bash_rc. Cross this off the list.
> >
> You are weakening security if you write down or save in specific files
> some elements used for the password generation. But I agree with you,
> it's not the most problematic one ;)
> 
> >> site-name
> >>
> > It is in the address bar of the site you are accessing. google.com,
> > debian.org, bt.com etc. What is there to remember? We cross this off
> > your list too.
> >
> As I was explaining before, I'm pretty sure some cases are not so
> obvious (like sites where authentication page is deported/redirected
> so as time is passing you don't remember which "site" you used the
> first time, same issue with websites on multiple domains, sometimes
> you need to specify the subdomain as well...).

Using the website name is merely a suggestion. It can be anything you
like, provided you can remember it. For example, I use "doctor" for one
site; "surgery" or "prescription" would be equally as good.

> >> site-counter
> >>
> > I'll give you this. But it would be very unusual to want it. The
> > default is generally good enough.
> >
> As discussed after my answer, this is a point.
> 
> >> site-template.
> >>
> You didn't answer to that but that's one more thing to remember
> especially if you needed a custom password initially.

I did not respond in detail to this because I did not recognise it as a
requirement.

> Let's be clear, I think this solution Master Password is original and
> I'm not saying it's impossible to remember all these criteria for most
> of us. But I know it can be problematic for some people, especially
> site-counter and site-template in addition to a master password. Each
> element is generally easy but all of them can be a burden for some
> people with time passing.

I have everything in a script, so in the normal course of events have
nothing to remember - apart from the master password. Master Password
is essentially a calculator; it is not a password vault. Something
for a user to play with:

  https://js.masterpassword.app/

-- 
Brian.
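
The "calculator, not a vault" point above, as an added example that is not part of the original message and is not the Master Password algorithm itself: a simplified stateless derivation using scrypt and HMAC-SHA256 that shows why every input debated in the thread (name, site name, counter, template) must be reproduced exactly to get the same password back. The scope string, character classes, templates and sample inputs are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

# Illustrative character classes and templates (assumed, not the real tables).
CLASSES = {
    "A": "ABCDEFGHJKLMNPQRSTUVWXYZ",
    "a": "abcdefghijkmnopqrstuvwxyz",
    "n": "0123456789",
    "o": "@&%?,=[]_:-+*$#!",
}
TEMPLATES = {"long": "AaaanAaaanAaaao", "pin": "nnnn"}
SCOPE = b"example.stateless"  # hypothetical domain-separation label


def _field(text):
    """Length-prefix a field so ("ab", "c") and ("a", "bc") cannot collide."""
    raw = text.encode("utf-8")
    return struct.pack(">I", len(raw)) + raw


def master_key(full_name, master_password):
    """Stretch the one secret; the user's name acts as a per-user salt."""
    return hashlib.scrypt(master_password.encode("utf-8"),
                          salt=SCOPE + _field(full_name),
                          n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=64)


def site_password(key, site_name, counter=1, template="long"):
    """Derive a site password from the key plus the non-secret inputs."""
    msg = SCOPE + _field(site_name) + struct.pack(">I", counter)
    seed = hmac.new(key, msg, hashlib.sha256).digest()
    # One seed byte per position picks a character from that position's class
    # (the modulo introduces a small bias, ignored in this sketch).
    return "".join(CLASSES[c][seed[i] % len(CLASSES[c])]
                   for i, c in enumerate(TEMPLATES[template]))


if __name__ == "__main__":
    # Constructed sample inputs; nothing is stored between runs.
    key = master_key("Jane Example", "constructed master password")
    print(site_password(key, "doctor"))             # same inputs, same output
    print(site_password(key, "doctor", counter=2))  # bumped counter rotates it
    print(site_password(key, "surgery"))            # different label, different password
```

Nothing is written to disk, so there is no vault to steal, but a forgotten site label, counter or template means the password cannot be recomputed.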