[Gllug] need a password manager for passwords I do not care about

Bruce Richardson itsbruce at workshy.org
Thu May 15 16:38:15 UTC 2008 

On Thu, May 15, 2008 at 05:19:42PM +0100, ccooke wrote:
> On Thu, May 15, 2008 at 05:10:57PM +0100, Dan Stevens (IAmAI) wrote:
> > 
> > I use a password manager for Firefox called PasswordMaker
> > (passwordmaker.org), which, rather than storing passwords, encrypted
> > or otherwise, generates passwords as and when they are needed.
> > PasswordMaker comes with a number of selectable hashing algorithms
> > which, using your master password, the domain of the site and your
> > username as inputs, generate a password for to use on your first and
> > subsequent visits. The generated password is not store, but re-created
> > every time you visit the site. The advantages of PasswordMaker, in
> > addition to not storing passwords, is that it will generate strong
> > passwords saving you having inventing them or memorise them. As long
> > as I believe that my master password is safe, I am safe in the
> > knowledge that if one of my accounts is compromised no others are
> > because all of my accounts now use different passwords.
> > 
> 
> The downside of that is that you are actually *less* secure.
> 
> With a traditional password manager, you need both the password *and*
> the datafile to get access to your account. With this, anyone who has
> your password and can guess your username has access to anything you
> use.
> 

It's certainly true that the password is predictable and replicable as
in those circumstances, particularly on those sites which happily
remember your username.  On the other hand, that password is only used
in one place and not transmitted over networks.  If the person using it
would otherwise be creating weak passwords for websites or using the
same one in multiple places, then on balance they are probably better
off with passwordmaker.  I wouldn't use it myself, I think, but I know
plenty of people who might be better off with it.

-- 
Bruce

It is impolite to tell a man who is carrying you on his shoulders that
his head smells.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20080515/82f8abfb/attachment.pgp>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list