| Came here to point out the same concerns, basically. I'll add this: 5. It seems like there is no user-specific secret in addition to the master password. If two users happen to use the same master password (which is definitely a possibility, especially with weak or easily memorizable passwords) they will basically have all the same passwords for every site! 6. Rotating your passwords regularly, at least for your highly sensitive accounts, is very important. With this approach, you can't change any one of your passwords without changing the whole lot (i.e. changing your master password) which simply isn't practical. 7. They serve the whole thing over the web, which, as has been pointed out many times over the web[1], is a bad idea. Overall, it seems like they are looking for an overly simplistic solution for a complicated problem. <shameless plug>Padlock[2] is a penetration-tested, open source password manager that, while using a battle-tested, 'conventional' encryption scheme for securing data, still tries to be forward thinking and to improve on the overall user experience of other password managers.</shameless plug> [1]: https://www.nccgroup.trust/us/about-us/newsroom-and-events/b... [2]: https://padlock.io |
5. The user-specific part is the user name. As long as these two users don't use the same user names they won't have the same passwords.
6. Password generators typically solve this by implementing a revision counter that you can increase in order to generate a new password. LessPass has this functionality; it can be seen in the screenshots.
7. What is served over the web? LessPass is a browser extension; the page you see in the screenshots is contained in the extension.
I obviously disagree with your conclusion. Password generators are a very nice tool, and LessPass isn't currently using the full potential of the idea. For example, Easy Passwords allows you to create a "paper backup" of your passwords - all the password metadata (website, user name, password length) is safe to be printed, yet as long as you remember your master password it is sufficient to recreate your passwords. Of course, occasionally you simply cannot change a password, which is why Easy Passwords has a hybrid concept and allows storing some passwords in encrypted form (no paper backup there).
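
Points 5 and 6 of the reply above, as an added sketch that is not part of either comment and is not LessPass's or Easy Passwords' actual algorithm: a generic deterministic generator, assuming PBKDF2-HMAC-SHA256 and a hypothetical `derive_password` helper, in which the user name separates users who share a master password and a revision counter rotates one site's password on its own.

```python
import hashlib

# Output alphabet (an assumption for this sketch; real tools let you pick rules).
CHARSET = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
           "0123456789!#$%&*+-=?@_")

def _salt(*parts):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    return "".join(f"{len(p)}:{p}" for p in parts).encode("utf-8")

def derive_password(master, site, login, counter=1, length=16,
                    iterations=100_000):
    """Recreate a site password from the master password plus metadata.

    site, login, counter and length are not secret, which is why they can
    be kept on a printed backup; only `master` has to be remembered.
    """
    # Bytes >= limit are discarded so the modulo below is not biased.
    limit = 256 - (256 % len(CHARSET))
    out, block = [], 0
    while len(out) < length:
        raw = hashlib.pbkdf2_hmac(
            "sha256", master.encode("utf-8"),
            _salt(site, login, str(counter), str(block)),
            iterations, dklen=64)
        out.extend(CHARSET[b % len(CHARSET)] for b in raw if b < limit)
        block += 1
    return "".join(out[:length])

if __name__ == "__main__":
    # Constructed sample inputs: two users sharing one weak master password.
    master = "correct horse"
    alice = derive_password(master, "example.com", "alice")
    bob = derive_password(master, "example.com", "bob")
    print("same master, different login differ:", alice != bob)

    # Bumping the counter rotates example.com only; example.org is untouched.
    rotated = derive_password(master, "example.com", "alice", counter=2)
    other = derive_password(master, "example.org", "alice")
    print("rotated differs from old:", rotated != alice)
    print("other site unchanged:",
          other == derive_password(master, "example.org", "alice"))
```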