On Wed 28 Mar 2018 at 15:27:44 +1300, Richard Hector wrote: > On 28/03/18 00:19, Brian wrote: > > I eventually settled on masterpasswordapp > > because the re-creation aspect appealed to me, it was actively > > maintained, the author's well-thought arguments were convincing > > and (insofar as I could judge) it is secure. > > > > But it did take some time to come to a decision and both the other > > two you have been recommended were on my list. The last thing you > > want to be doing is changing a password manager every few months, > > That's one of the disadvantages of masterpasswordapp, as far as I can
Not quite the point I was trying to make but it is a good one anyway. > see: If you have to change one password, whether because the site owner > says so or it's genuinely been compromised, then masterpasswordapp won't > let you do that, right? Based on your name, the sitename, and your > master password, there is only one true password. So to change a > password, you'd have to change one of those factors. You probably can't > change the site name, changing your own name is inconvenient, and > changing the master password changes all your other passwords as well. At http://masterpasswordapp.com/algorithm.html there is a list of items a user is expected to remember. Four are used to generate the master password and one of those is the site's password counter. In the event of a forced site password change the counter is increased from its default value of 1 to generate a new password for the site without changing the master password. Incidentally, the four items above are not secrets. I use the CLI version of the app with a script so need to remember the master password only. Also, the site name and full name can be anything you like, provided you can remember what they are (not that the app's author recommends this). -- Brian.
