by SeanLockItUp 3096 days ago
> Doesn't this compromise all of your passwords if one of your passwords is discovered?

I've been trying to understand password managers for a while. My workplace forces us to use one.

But what you've said doesn't make sense. If your "master password" used in the password manager is discovered, then all your passwords are compromised.

If my laptop or phone gets stolen and someone knows the password from my password manager, then I'm done for.

I choose to follow the algorithm approach too. Even though it's BS.

2 comments

Yes, but that master password should a) be incredibly secure (mine is longer than 32 characters) b) only be used for your password manager and nothing else. If, instead, you reuse a password in several places, you're only as secure as the weakest link in that chain.

I run LastPass, I only use a unique password for that application. I also rotate that password every few months.

I also have it set to 2FA with Google Authenticator, so I need to have my phone every time I log in. It takes longer to log in but it's worth it.

So even if my password were compromised by a keylogger / brute force, you would still need to have access to my phone.

I don't use LastPass on my phone so that's not a nonissue for me. I don't link my phone to my computer at all (AirDroid, TeamViewer, etc). You would need to have:

- My master lastpass password

- My unique phone password and my phone

Both events are kind of unlikely to happen. I worry more about LastPass leaking passwords than me being hacked at any point, since this is the major disadvantage of using LastPass over KeePass.

LastPass is nice since I can just make autogenerated throwaway passwords and have a way to take notes on passwords I change over time.