On Thu 12 Dec 2019 at 21:13:06 +0100, l0f...@tuta.io wrote: > Hi, > > 10 déc. 2019 à 23:11 de a...@cityscape.co.uk: > > > On Tue 10 Dec 2019 at 22:34:07 +0100, l0f...@tuta.io wrote: > > > >> 9 déc. 2019 à 19:13 de a...@cityscape.co.uk: > >> > >> > How about not having to remember (or write down) any passwords for > >> > the places you log in to? > >> > > >> > https://masterpassword.app/ > >> > > >> > Not in Debian, unfortunately. > >> > > >> Interesting. > >> However, I presume that a specific password modification should not be very > >> easy because it seems you rely on a rather fixed encryption seed... > >> > > > > Modifying a password with the masterpassword app is simplicity > > itself. There is no fixed encryption seed. > > > I've read the documentation. User needs to remember all of > this:
> user-name Real name actually. If you do not know your name you have problems. :) Can be set in ~/.bash_rc. Cross this off the list. > master-password That's pretty obvious. Any password manager has something similar. We cross this off your list. > site-name It is in the address bar of the site you are accessing. google.com, debian.org, bt.com etc. What is there to remember? We cross this off your list too. > site-counter I'll give you this. But it would be very unusual to want it. The default is generally good enough. > site-template. I do not understand this. > That makes a lot. You have to know your own name, the site name and the master password. (but see below). However, I can imagine three things would be a heavy burden for some users. > I know some of them should be trivial most of the time but I'm pretty > sure they could be problematic sometimes (multiple and different > (sub)domains for the authentication page, restrictions for the > passwords but you don't remember that you chose a special one...). Your own name (non-secret) can be in an environmental variable and the site-name can be scripted. You only need to know the master password as an essential. How does that differ from other password managers? > However, I find the concept pretty interesting even if I'm a password > manager enthusiast ;) Many users store their passwords in the cloud. The provider will take care of them for you. Some of this thread was about something fairly trivial, like email with Google. How about a user depositing a critical password off their system? That's trust for you! masterpassword doesn't use the cloud. Some users place their trust in having their passwords in plain text files. We do not talk about that. masterpassword doesn't store passwords anywhere - so there is nothing to steal. Your device is stolen or destroyed? You can recover your passwords if you can remember your own name and the master password. How about that? What other password manager gives you this? -- Brian.
