Design flaws of password managers(go350.com)
go350.com
Design flaws of password managers
https://www.go350.com/posts/the-design-flaws-of-password-managers/
65 comments
I’m not sure if I would call the stuff in your blog “design flaws” or if it’s actually “design compromises”.
I actually love the deterministic idea, but in practice it does have one big downside compared to a password manager which is comprehensiveness (ie the ability to store all information for all accounts).
* Not all sites use email, and I can’t always remember my username (it’s different on different sites because of what names are already taken), so I will store username and password together within the password manager. HackerNews is a good example of this.
* You can store accounts that are shared, where you generally don’t get to choose the password. For me this includes my parents billing account for their ISP.
* Some corporate accounts block historically used passwords and require changes to the password every X days. This is not compatible without further salting the word.
* Some things have different password requirements - e.g. each bank account requires a different 6 digit pin and several layers of challenge/response questions that I will have also answered with random digits. Why banks choose to protect my account based on my mothers maiden name I don’t know, but as far as they are concerned her name iNv84%N:1. Also I can’t always change the pin - one investment account I use insists that it’s randomly generated and posted to me via snail mail! Others will choose your online banking username for you and I need to store that too - I’m looking at you HSBC with your usernames like IB9173628!)
* You can store other documents in a password manager. I have my credit card details in so I always have them anywhere I go, and my password details.
1password can handle all the above weirdness. Now granted, if someone were to get hold of my password manager... that’s a game-over situation and a really bad time. But my personal requirement is storing 100% of the information I need on all accounts rather than some of the information required on most of the sites.
Although I really like the deterministic approach, it comes with its own design compromises because there is no perfect solution in this space.
I actually love the deterministic idea, but in practice it does have one big downside compared to a password manager which is comprehensiveness (ie the ability to store all information for all accounts).
* Not all sites use email, and I can’t always remember my username (it’s different on different sites because of what names are already taken), so I will store username and password together within the password manager. HackerNews is a good example of this.
* You can store accounts that are shared, where you generally don’t get to choose the password. For me this includes my parents billing account for their ISP.
* Some corporate accounts block historically used passwords and require changes to the password every X days. This is not compatible without further salting the word.
* Some things have different password requirements - e.g. each bank account requires a different 6 digit pin and several layers of challenge/response questions that I will have also answered with random digits. Why banks choose to protect my account based on my mothers maiden name I don’t know, but as far as they are concerned her name iNv84%N:1. Also I can’t always change the pin - one investment account I use insists that it’s randomly generated and posted to me via snail mail! Others will choose your online banking username for you and I need to store that too - I’m looking at you HSBC with your usernames like IB9173628!)
* You can store other documents in a password manager. I have my credit card details in so I always have them anywhere I go, and my password details.
1password can handle all the above weirdness. Now granted, if someone were to get hold of my password manager... that’s a game-over situation and a really bad time. But my personal requirement is storing 100% of the information I need on all accounts rather than some of the information required on most of the sites.
Although I really like the deterministic approach, it comes with its own design compromises because there is no perfect solution in this space.
> it’s actually “design compromises”.
That's a good way to put it. I've seen several posts like this, and the tendency is to assume a set of requirements (e.g., a generator must be stateless), then fault a scheme for not satisfying them.
The main appeal to me of a password generator is that if you give me a batteries-included scripting language, I can rebuild it from scratch in five or ten minutes--no precious vault to lose. However, if you want to use a scheme like this on purpose, you're going to make some compromises:
* The OP's dpg script has extra logic to avoid similar characters (e.g., 1 and l), presumably to enable typing, rather than pasting. This chips away at the simplicity.
* dheera mentioned his "almost stateless" passenter script, with a publicly accessible configuration file. Would he be comfortable adding an entry for pornhub.com or ashleymadison.com, I wonder?
* baobabKoodaa mentioned his baopass utility in a previous story, which decouples the master password from the generated password using a keyfile. Awfully similar to a vault.
Although I'm not going to discourage anyone from using a password generator, I've come to a similar conclusion as you: the ability to store arbitrary information in the vault is really useful--usernames, PINs, security questions, account numbers, etc.
My current tool of choice is KeePassXC with a vault in a SyncThing directory, and a keyfile local to each system. I wouldn't mind better sync support, because I do occasionally get sync conflicts, which I don't even try to resolve.
That's a good way to put it. I've seen several posts like this, and the tendency is to assume a set of requirements (e.g., a generator must be stateless), then fault a scheme for not satisfying them.
The main appeal to me of a password generator is that if you give me a batteries-included scripting language, I can rebuild it from scratch in five or ten minutes--no precious vault to lose. However, if you want to use a scheme like this on purpose, you're going to make some compromises:
* The OP's dpg script has extra logic to avoid similar characters (e.g., 1 and l), presumably to enable typing, rather than pasting. This chips away at the simplicity.
* dheera mentioned his "almost stateless" passenter script, with a publicly accessible configuration file. Would he be comfortable adding an entry for pornhub.com or ashleymadison.com, I wonder?
* baobabKoodaa mentioned his baopass utility in a previous story, which decouples the master password from the generated password using a keyfile. Awfully similar to a vault.
Although I'm not going to discourage anyone from using a password generator, I've come to a similar conclusion as you: the ability to store arbitrary information in the vault is really useful--usernames, PINs, security questions, account numbers, etc.
My current tool of choice is KeePassXC with a vault in a SyncThing directory, and a keyfile local to each system. I wouldn't mind better sync support, because I do occasionally get sync conflicts, which I don't even try to resolve.
To be honest and I am sure 80% handle it like I did.
I used ONE password for most sites before using password managers. I had 5 PWs Top and I used them everywhere. They weren't particularly strong or secure.
So if someone got my Password he had access to most of my accounts anyway.
So yes that's a downside in password managers - but at least for me it is still better than my previous SOP
I used ONE password for most sites before using password managers. I had 5 PWs Top and I used them everywhere. They weren't particularly strong or secure.
So if someone got my Password he had access to most of my accounts anyway.
So yes that's a downside in password managers - but at least for me it is still better than my previous SOP
That is the same guy that wrote "They want us to be compliant, not secure" which was equally bad.
What is wrong with this blogpost:
* Posing as an authority, without any real credentials (so just rando ranting on the internet, writing that someone worked in "regulated area" is not convincing me)
* Stating whole "advice" as absolute truth without considering any other use cases, upsides
* Assuming "password manager" is synonymous with "cloud password manager" while presenting offline one at the begining
* Stating whole post as an absolute advice, if it would be titled "Way I am handling my password" or "My solution for passwords" I would have no problem with it
Biggest flaw is not considering any threat model and "security LARPing" while writing like it would come from an expert.
What is wrong with this blogpost:
* Posing as an authority, without any real credentials (so just rando ranting on the internet, writing that someone worked in "regulated area" is not convincing me)
* Stating whole "advice" as absolute truth without considering any other use cases, upsides
* Assuming "password manager" is synonymous with "cloud password manager" while presenting offline one at the begining
* Stating whole post as an absolute advice, if it would be titled "Way I am handling my password" or "My solution for passwords" I would have no problem with it
Biggest flaw is not considering any threat model and "security LARPing" while writing like it would come from an expert.
I don’t fully understand the critique.
I host a Bitwarden instance myself, and it should only be accessible from my home network. When I’m out and about I VPN home, so I still have access to my password manager as well.
This setup has worked great so far.
This setup has worked great so far.
Why do you use VPN opposed to just TLS? Transportation wise it should be as secure or am I mistaken?
DPG seems to be a cool idea but what happens if a website has password requirements like at most/least an uppercase character, a number, no longer than x chars...
As I understand it, you have no control of the output it generates...
As I understand it, you have no control of the output it generates...
Or if you have to change the password every X months
I think this is a pretty basic capability of most decent DPMs. LessPass for example gives you a counter option to increment and spit out a completely different password for X month update.
But then it's no longer stateless. So you've lost the primary benefit, while losing the ability to store any other associated secret information in the vault.
https://app.srspass.com is a DPM I found that gives you complete control of the output
Cool seems to work well. My only complaint: there is not much information about who is behind this project and how encryption works...
Leading to: what happens if the website is not reachable or goes offline?
I heard about it from a friend of a friend, from my understanding it's just started up, and they're still getting things rolling. Would try contacting them via e-mail or the like if unsure, however, I use it offline on my android, can add it to homescreen and it apparently doesn't need a connection. If they can get the things you mentioned in order, may be an interesting alternative.
I did look at the sources tab, to check out why my laptop was using so much cpu during the decryption phase, and there are some argon2 webworkers that pop up, so some combo of that, and it clearly seems deterministic, since both my phone and laptop produce matching passes, when all params match.
I did look at the sources tab, to check out why my laptop was using so much cpu during the decryption phase, and there are some argon2 webworkers that pop up, so some combo of that, and it clearly seems deterministic, since both my phone and laptop produce matching passes, when all params match.
Oh cool you are right. It seems to work in airplane mode. Now the only thing left is the initial load if you switch devices while it has been taken down...
I try to find out more about the project and its story. Thank you
I try to find out more about the project and its story. Thank you
[deleted]
Where is the unlocking password stored in a web based DPM like this one?
So what happens if you use a Deterministic Password Generator and there is a security breach in one of the websites that you use and the password is leaked? Can you generate a new password for that website? If this requires adding a parameter to password generator, like --iter 2 for example, how do you remember the parameter for each website?
I used to use a deterministic password manager, but switched to bitwarden because I wanted to be able to rotate (some) passwords sometimes and never found a great solution using a DPM.
That and dumb password requirements. I could never get my DPM to work more than ~80% of the time, so I had to haul around a supplementary password store anyway. Now I'm on bitwarden, too.
I'd rather have a store that's on another piece of hardware with logging and rate-limiting. Unlike TFA, I'd consider this a strength, not a weakness, but right now the convenience price is extreme.
U2F is good but it's still only a second factor right now and the migration story is abysmal. If they can extend it to serve as a first factor and add a migration story, it would be perfect.
I'd rather have a store that's on another piece of hardware with logging and rate-limiting. Unlike TFA, I'd consider this a strength, not a weakness, but right now the convenience price is extreme.
U2F is good but it's still only a second factor right now and the migration story is abysmal. If they can extend it to serve as a first factor and add a migration story, it would be perfect.
I just describe these "dumb password requirements" in a file that can be public, and have my DPM generate a password that fits those requirements. See my comment one level up with link.
Yeah, which is a considerable inconvenience -- I know because I lived it -- all to achieve zero reduction in effective attack surface.
The file describing the requirements can be public. The requirements themselves are publicly stated.
I'm less concerned about attack surface and more concerned about just not having to deal with the logistics of safely storing and syncing something sensitive that I could also easily lose or not have with me on a mobile device or freshly formatted, self-owned device far away from home. I also don't want to have to trust someone else to store it in the cloud for me, especially if that someone else is handing me a closed-source app to do that.
I'm less concerned about attack surface and more concerned about just not having to deal with the logistics of safely storing and syncing something sensitive that I could also easily lose or not have with me on a mobile device or freshly formatted, self-owned device far away from home. I also don't want to have to trust someone else to store it in the cloud for me, especially if that someone else is handing me a closed-source app to do that.
In practice, bitwarden is a heck of a lot easier to get on a new device than a hash app(let) du jour + master password + execption list.
I wrote my own deterministic password manager that uses PBKDF2-HMAC-SHA256.
I have a configuration file that defines the silly rules required by certain websites and also allows setting an "n" parameter that rotates the passwords.
https://github.com/dheera/scripts/blob/master/passgen-params...
The actual password generator:
https://github.com/dheera/scripts/blob/master/passenter
I have a configuration file that defines the silly rules required by certain websites and also allows setting an "n" parameter that rotates the passwords.
https://github.com/dheera/scripts/blob/master/passgen-params...
The actual password generator:
https://github.com/dheera/scripts/blob/master/passenter
Does this work across multiple machines? (Phone + laptop?)
Yes, the whole idea is to not store state. You only need a master password and domain to generate your site-specific password, and possibly a few custom parameters describing password rules for weird sites.
I mean, it's great to "not store state" until you get to the last part of your comment: "possibly a few custom parameters describing password rules for weird sites", plus it also needs to include things like the number times you've rotated the password for each site. The point of my question was to ask how well your implementation manages state across multiple machines, but if your answer is "it doesn't need to" then I just don't see how you can satisfy my requirements.
I also ran into problems that caused me to abandon my DPM after a while. Unique password requirements pet store required storage which added back the sync/dependency on remote storage problem. I also wanted unique logins per site for added privacy/security.
For me both of these requirements are more easily solved with a traditional password manager than a dpm.
Here is a worry that's been in the back of my mind concerning my password manager: I get amnesia and forget my password for the password manager. Has anyone else thought about this issue? Does anyone do something against this scenario?
-Storing a physical backup might be okay but doesn't work in threat models that include physical access.
-Storing in a safe has similar issues to the above but also the security is lowered to the complexity of the safe combination. And there would be the hassle of cracking the safe if your forget the combination.
-Maybe storing in a secure box in a bank with ID verification. Can law enforcement get access to this?
-Sharing the password with a trusted person. Seems a good compromise at the start but then you're trusting that they're storing it securely.
-Maybe using a secret sharing algorithm with multiple people?
-Storing a physical backup might be okay but doesn't work in threat models that include physical access.
-Storing in a safe has similar issues to the above but also the security is lowered to the complexity of the safe combination. And there would be the hassle of cracking the safe if your forget the combination.
-Maybe storing in a secure box in a bank with ID verification. Can law enforcement get access to this?
-Sharing the password with a trusted person. Seems a good compromise at the start but then you're trusting that they're storing it securely.
-Maybe using a secret sharing algorithm with multiple people?
Passwords are soon going to become obsolete.
The future is when each session has its own non-extractabld private key, encrypted and stored locally. Across apps on the same device you use OAuth essentially. Across devices you scan QR codes to authenticate other sessions and grant permissions to them. Keys never leave your device.
Your keychain would essentially be a small blockchain that is decrypted on clients (think Keybase). You could remember one password, and send the rest using Shamir Secret Sharing to N friends. If you ever need to recover your account you have to get M of N friends plus your password. That way if you’re kidnapped you can lock yourself out fo your phone and legitimately claim that M of N friends have to agree to participate.
And btw ... phone numbers and even emails will eventually become obsolete, because you will be able to just authorize notifications to the user’s browser or app instead, and receive a client ID which you can use to send notifications - while the user will be able to manage them (unlike email SPAM) and everyone will be able to run their OWN bots to automatically parse notification data and act on it (unlike trusting Google to parse your email so they BBC can extract flight tickets etc).
In fact, notification delivery would be encrypted with the user’s public keys, and users may choose not to receive the notifications right away (as this will expose their anonymity to timing attacks, and also makes them dependent upon Apple/Google to deliver the “last mile”).
And even DNS will become obsolete as we will have non-human-readable addresses for resources on the Web, with DHT replacing federated databases like DNS. People will realize that document metadata (titles, icons) is cached locally or on search engines anyway, and that DNS is just a glorified search engine for root URLs, a tiny subset of URLs.
The result: no central servers, no domains, no cookies and no accounts. Just cryptocurrency paying for use of resources. People’s contacts in this new system would essentially contain resources on some DHT. People would choose whether to prove to their contacts they control private keys A and B, instead of having Telegram or Facebook announce that their friend joined. It would be totally decentralized and users would be in control.
Prediction for 2040
The future is when each session has its own non-extractabld private key, encrypted and stored locally. Across apps on the same device you use OAuth essentially. Across devices you scan QR codes to authenticate other sessions and grant permissions to them. Keys never leave your device.
Your keychain would essentially be a small blockchain that is decrypted on clients (think Keybase). You could remember one password, and send the rest using Shamir Secret Sharing to N friends. If you ever need to recover your account you have to get M of N friends plus your password. That way if you’re kidnapped you can lock yourself out fo your phone and legitimately claim that M of N friends have to agree to participate.
And btw ... phone numbers and even emails will eventually become obsolete, because you will be able to just authorize notifications to the user’s browser or app instead, and receive a client ID which you can use to send notifications - while the user will be able to manage them (unlike email SPAM) and everyone will be able to run their OWN bots to automatically parse notification data and act on it (unlike trusting Google to parse your email so they BBC can extract flight tickets etc).
In fact, notification delivery would be encrypted with the user’s public keys, and users may choose not to receive the notifications right away (as this will expose their anonymity to timing attacks, and also makes them dependent upon Apple/Google to deliver the “last mile”).
And even DNS will become obsolete as we will have non-human-readable addresses for resources on the Web, with DHT replacing federated databases like DNS. People will realize that document metadata (titles, icons) is cached locally or on search engines anyway, and that DNS is just a glorified search engine for root URLs, a tiny subset of URLs.
The result: no central servers, no domains, no cookies and no accounts. Just cryptocurrency paying for use of resources. People’s contacts in this new system would essentially contain resources on some DHT. People would choose whether to prove to their contacts they control private keys A and B, instead of having Telegram or Facebook announce that their friend joined. It would be totally decentralized and users would be in control.
Prediction for 2040
Webauthn is a step in that direction. When you write "soon", how many years do you forecast it will take to get to there for the vast majority of the sites you are using in a web browser? My bet is no less than five, probably more than ten and I'm pretty sure I'll keep using some password until I die.
Huh. I've been using Keepass2 with a smartcard for a long time now. I don't like that all passwords are unlocked at once, but the DPG approach seems to act the same way. The DPG approach also requires that if I update my 'amazon' password I have to remember that I'm on 'amazon3' or whatever version.
I'd really like to figure out a way to have Keepass or a similar system only unlock one password at a time. I think I can do this using the smartcard by encrypting each password individually using the card, but I've been too busy to learn the plugin system.
This way I can only open my password manager on a trusted system, since the entire key database is open. I suppose this is also equivalent to the DPG approach, assuming you use an obvious name for each website (i.e. amazon, google, ebay, etc.)
I'd really like to figure out a way to have Keepass or a similar system only unlock one password at a time. I think I can do this using the smartcard by encrypting each password individually using the card, but I've been too busy to learn the plugin system.
This way I can only open my password manager on a trusted system, since the entire key database is open. I suppose this is also equivalent to the DPG approach, assuming you use an obvious name for each website (i.e. amazon, google, ebay, etc.)
KeePassX stored on Dropbox works very well for me. I can access on multiple devices, my phone, my laptop and my work PC. Yes it all relies on a master password but it works well for the level of security I want.
Then there is my wife's strategy 20+ char passwords with a mix of numbers and symbols. She uses unique passwords for everything and the only place they are stored are in her head...
Meanwhile I manage to forget my own age.
Then there is my wife's strategy 20+ char passwords with a mix of numbers and symbols. She uses unique passwords for everything and the only place they are stored are in her head...
Meanwhile I manage to forget my own age.
Either you're exaggerating or she's not being completely honest with you. No human is capable of generating unique 20+ char passwords for every service and remembering it. I suppose it's possible you're married to the rain man...
She only really has 5 or so things she has logins for. She also commits her credit card, bank account number and pretty much everything she can to memory.
I think it's a side effect of schooling in South East Asia where she spent most of her childhood wrote memorising.
I don't think she would be able to keep up with the rain man but I don't think I'm exaggerating.
I think it's a side effect of schooling in South East Asia where she spent most of her childhood wrote memorising.
I don't think she would be able to keep up with the rain man but I don't think I'm exaggerating.
Memorizing 100 random symbols for the most important logins is reasonable, but the average person probably has in the order of 50 logins or so. I just counted and was surprised that my password manager contains over 200 passwords. There is no way that I could memorize that many secure passwords or even passphrases.
FWIW, and I'm not suggesting you actually do this, but you probably could learn to remember that many symbols. People can memorize thousands of digits of pi. People can solve ~60 rubik's cubes in an hour blindfolded (where they must first memorize them). I think, surprisingly, it's actually within the realm of human ability to memorize 200 20 character passwords.
She is clearly the exception and must have an amazing memory!
My dad has 'different secure passwords' for all the different sites he goes on, but curiously whenever he shares logon details if I am helping him it's always the same password! Hmm....
My dad has 'different secure passwords' for all the different sites he goes on, but curiously whenever he shares logon details if I am helping him it's always the same password! Hmm....
Device security seems to be the crucial factor here, at least until we can figure out ways to share data but also isolate processes. If your device or browser is compromised, then even a perfect password manager can't stop your secrets from being scooped up. Non-technical people need to be educated right from school as to how to keep their devices secure, what to do and what not to do.
So much of a downgrade to this would simply be using the sentence and the word directly?
Say, for instance, my H.N. password be “TheThermonuclearCatRevolutionIsUponUsAndShallUndoUsAllHackerNews”? Is there any particular caveat under the assumption that no website would be silly enough to store it in plain text?
Say, for instance, my H.N. password be “TheThermonuclearCatRevolutionIsUponUsAndShallUndoUsAllHackerNews”? Is there any particular caveat under the assumption that no website would be silly enough to store it in plain text?
No website being silly enough to store in plaintext, is silly untoitself https://www.upguard.com/blog/biggest-data-breaches
plenty of cases where it happens... and plenty more of viably crackable breaches
plenty of cases where it happens... and plenty more of viably crackable breaches
In addition to plaintext data breaches, there are also the risks of Phishing (if one password can open many accounts) and a malicious website owner just deciding to harvest user/password combos on his own signup script.
My bank password is case insensitive. It could be they are lower casing it before they hash it or they could be storing it in plain text. Judging by the mess they make of their systems I would say it's the later.
my gf can omit last x chars for hers and it's still accepted, can't recall what x was. Banks are so funny
For a while (maybe pre-2015?) Charles Schwab had users append the 6 character 2FA code to the end of your password (which itself was limited to between 6 and 8 chars), so they were either splitting it client side or storing everything in plaintext...
They truncate to 31 chars and laugh at your attempt to increase entropy.
doesnt paypal limit you to 20, and some banks i have to 12 characters...
I’ve been worrying lately that something could go wrong with my password manager one day and the damage that it could cause, even if it was just data loss by a server. I suppose we should all be creating backups of our managed passwords in some second encrypted store
As any standardized way to store data, password managers and provider clouds have become target for pirates.
With 2FA instead, the password is less valuable than the 2FA secret token and its backup on different device to not get locked out.
With 2FA instead, the password is less valuable than the 2FA secret token and its backup on different device to not get locked out.
Real 2FA with at least 2 hardware keys is good. Shitty SMS 2FA is no good, hardware key + SMS is no good.
The big advantage to a hardware key is that if someone snatches it from you, you can go home, log in with your backup key, and disable the stolen key.
Phone-based 2FA is super vulnerable to simple phone theft, SIM swapping, phone number porting theft, and it's simply ridiculous that if you carry a laptop with you that you also need a phone. The laptop itself should be able to accomplish everything. I believe in the most powerful device in front of you should handle 100% of digital tasks including 2FA.
The big advantage to a hardware key is that if someone snatches it from you, you can go home, log in with your backup key, and disable the stolen key.
Phone-based 2FA is super vulnerable to simple phone theft, SIM swapping, phone number porting theft, and it's simply ridiculous that if you carry a laptop with you that you also need a phone. The laptop itself should be able to accomplish everything. I believe in the most powerful device in front of you should handle 100% of digital tasks including 2FA.
Yeah... but some store their 2FA backup codes in said password managers, effectively turning them into the ultimate account breach honeypots.
I could not convince myself to use any password manager as they represent a single point of failure that would cause me significant problems if they were compromised or unavailable.
I gave up on password managers.
I used KeePass for a long time, but now I use a single password with a few added characters that I calculate in my head based on the domain name of the service.
I used KeePass for a long time, but now I use a single password with a few added characters that I calculate in my head based on the domain name of the service.
Your method is extremely vulnerable to a scenario where one of the several websites you use stores plaintext passwords, gets hacked, and now someone knows most of your email/bank account password except for a "few added characters", which can be irritated in a very short time. Your entire password entropy is effectively reduced to the few added characters.
On that note though, I use an actual cryptographic hash of a master password plus a concatenated domain. The resulting password to any specific site is leakable without revealing the master password.
https://github.com/dheera/scripts/blob/master/passenter
On that note though, I use an actual cryptographic hash of a master password plus a concatenated domain. The resulting password to any specific site is leakable without revealing the master password.
https://github.com/dheera/scripts/blob/master/passenter
How does this method work for sites that require password changes every X days or sites that need a password change because they had a data breach?
Forced rotation always results in users using this "add a bit of junk" strategy. Both this strategy, and password rotation, are weak for that reason. And the whole point is that a breach of one site may expose almost-your password for many more sites.
I have a stored parameter "n" that just increments the number of irritations of PBKDF2. That's a lot less to deal with than the amount of state in a traditional password manager, and I'm much less worried about losing it since it's likely I can estimate n for most sites even if I don't have it with me.
You could add a date (202101 for YYY-MM) to the string (domain URL or service name) before you apply your custom "hash" function.
But then you would need to remember the date you changed your password for each site that needs it.
I came up with what I call Passformula.
The idea is to create a one-time, well-defined formula to create a password from the name for the service/website domain you’re trying to log in. You would apply this formula each time you create an account on any website and later use the same formula to get the password at the time of the login.
No need to store passwords (for the majority of the cases) and works like a charm for me.
More details: http://www.rockoder.com/2020/04/26/passformula/
The idea is to create a one-time, well-defined formula to create a password from the name for the service/website domain you’re trying to log in. You would apply this formula each time you create an account on any website and later use the same formula to get the password at the time of the login.
No need to store passwords (for the majority of the cases) and works like a charm for me.
More details: http://www.rockoder.com/2020/04/26/passformula/
[deleted]
Why the down vote (honest question)? I would be eager to know if there are issues with this approach.
I feel like these amateur approaches all ultimately go in circles. It seems like there are information theoretic equalities between these approaches if you incorporate some idea of bounded human memory into the picture. You can remember less and offload more into a system, making the system more of a single point of failure. Or remember more and offload less, making it more secure but harder to remember. DPG is certainly more flexible in that it can accommodate a broader range along the computer memory vs. human memory axis, but the challenge of human memory being fallible and computer memory being hackable is fundamental.