by benrbray 3202 days ago
Password managers don't help when you need to log in to a computer you don't own, e.g. a public computer at a library or office. Using password managers just makes it easier to lock yourself out when you need access most.

You've got web interfaces and mobile apps. I use 1Password and don't have this problem.
I have no interest in logging into a password manager web interface on a public PC. (But that's just me.)
You don't. You pull up your password on your phone and type it in manually onto the computer.
> You pull up your password on your phone and type it in manually onto the computer.

Sounds like someone isn't using a 100-character randomly generated password.

With mixed-case letters and digits, all you need are 22 characters.

A 128-bit security margin is considered good enough currently; a 62-character alphabet (26 lowercase, 26 uppercase, 10 digits) provides 5.95 potential bits of entropy per character; thus a 21.50-character password would provide 128 bits. You can't have a fractional character, so … 22 characters.

Typing 'tgcSq08O2fEZ5hcZk3Gvgk' in from a screen is easy enough, although not something I'd want to do every day.

Maybe try InputStick then?

Though I think 100 random characters is well beyond the point where you're no longer significantly increasing security by adding more characters. You can easily get 130+ bits of entropy with only 20 characters, and even for a ridiculously weak hashing algorithm like MD4 that'd be enough to withstand the entire combined strength of the Bitcoin mining network attacking your password for well over a billion years.
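The length arithmetic from the two comments above, as an added example that is not part of the thread: it computes the shortest password that reaches a target entropy for a given alphabet and draws one from the OS CSPRNG. The 94-symbol `PRINTABLE` set is an assumption used to check the "130+ bits with 20 characters" figure, since that comment does not name its alphabet; all function names are illustrative.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits   # the thread's 62-symbol alphabet
PRINTABLE = ALNUM + string.punctuation         # assumed 94-symbol set, not named in the thread


def _symbols(alphabet):
    symbols = sorted(set(alphabet))            # duplicate symbols add no entropy
    if len(symbols) < 2:
        raise ValueError("alphabet needs at least two distinct symbols")
    return symbols


def bits_per_char(alphabet):
    """Entropy per character, valid only if each symbol is drawn uniformly at random."""
    return math.log2(len(_symbols(alphabet)))


def entropy_bits(alphabet, length):
    return length * bits_per_char(alphabet)


def min_length(alphabet, target_bits=128):
    """Smallest length whose keyspace is >= 2**target_bits (integer math, no float rounding)."""
    size, length = len(_symbols(alphabet)), 1
    while size ** length < 2 ** target_bits:
        length += 1
    return length


def generate(alphabet=ALNUM, target_bits=128):
    """Build the password with secrets.choice, which is uniform over the symbols."""
    symbols = _symbols(alphabet)
    return "".join(secrets.choice(symbols) for _ in range(min_length(symbols, target_bits)))


if __name__ == "__main__":
    print(f"{bits_per_char(ALNUM):.2f} bits/char, {min_length(ALNUM)} chars for 128 bits")
    print(f"100 alphanumeric chars: {entropy_bits(ALNUM, 100):.0f} bits")
    print(f"20 chars from 94 symbols: {entropy_bits(PRINTABLE, 20):.0f} bits")
    print(generate())
```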

This is the solution I've come up with as well. It's saved a lot of frustration already, which builds up quickly when you have to retype even a 16-20 character random password over and over again in a short period of time. I only wish for a better iOS experience and direct integration with 1Password. Oh, and a way to prevent random connections from having keyboard access if I were to forget to unplug.
Parent poster said "web interfaces"
Thanks to 2FA, I don't have a huge concern logging into a password manager on a public PC.
Perhaps I'm overly paranoid. A public PC could be infected with god-knows-what malware that siphons off whatever text is entered or rendered in a page or on the screen.
I'm the same way: if I open my manager on a public PC, for all I know every single password I have is compromised.
I wonder if there's another way to solve this problem. For example, a plug-in that would store cookies as opposed to passwords - and then "populate" a new session with existing cookies to log you in transparently.
That sounds like a security nightmare...

Talking from experience: some sites also map the cookie to a browser ID, making a migration useless. It just causes your session to get invalidated.

You can test this yourself because it's pretty easy to 'import' cookies between browsers on the same PC. Or it was the last time I tried it.

More of a security nightmare than passwords? Maybe, though I can't see why...

Anyways, yeah I thought about binding auth cookies to some kind of persistent hash, although I'm not sure what it could be... IPs change (laptops moving), so do user agents (browser upgrades)... I guess I'll need to test this!