[bahjoite]

Someone should add a "Has my hashed password been broken?" and an opt-in notification when one's password is eventually revealed.

Last person standing gets a prize.

[wepple]

Everyone who uses a password manager would win

[y4mi]

Using a password manager doesn't make you immune to having your credentials leaked if a sites database is breached...

[wavemode]

Uh... he never said it did? Just that yours would be the last hash to be cracked.

[y4mi]

then why would that password tresor user win, after his credentials were leaked by a database breach -- before other select people that weren't compromised but abstained from said software.

Its generally incomprehensible to me why some people don't want to use password tresors -- its so much easier after all - but his argument was flawed.

[wepple]

Because parent said there would be a competition for whose password is cracked last.

My 16 char fully randomized passwords will not be cracked, so I win, along with everyone else using a password manager?

[tambre]

What's a password tresor? Did you mean password manager? Wiktionary tells me it means "treasure" in Catalan and Old French.

[BlackLotus89]

Tresor means safe in german so maybe he is a german that substituted the z in trezor

[dcuthbertson]

It also means "storehouse", so he probably means password manager.

[seele]

I think he meant this: https://trezor.io/

And more specifically: https://trezor.io/passwords/

[y4mi]

I meant password manager/safe.

Sorry for that mix up.

[Ajedi32]

It actually does, provided the passwords aren't stored in plaintext.

Even something ridiculously weak like a SHA-1 hash isn't going to be cracked if the password is 16 characters long and completely random.

[ianseyer]

provided:

- the passwords aren't stored in plaintext or any other compromised hashing mechanism

- you autogenerated your password

- your password manager does not get compromised

saying "it actually does" is a bit of absolutist stretch...

[arghwhat]

Furthermore, none of this is a side-effect of using a password manager. It just makes doing so more convenient.

[aidenn0]

Within a margin of error, zero people can remember 20 16-character random alphanumeric passwords. Therefore it is only possible using some sort of password manager, whether it be something like 1password or an old-fashioned notebook.

[tomschlick]

Also, 1Password has already integrated this into version 7 (in beta). It will let you know if any of your passwords are on HiBP

[xeromal]

I'm still on 4, the non cloud version, so I probably don't get the fancy feature. :(

[shostack]

What happens to your passwords if you stop paying for the cloud version?

[wyoung2]

The apps become read-only, with export functions.

Source: https://support.1password.com/membership-billing-policy/

[ythn]

I still think algorithmic passwords are safer. I could get access to all of your passwords via a simple keylogger to scrape your manager's master password. There's no way you can get at mine because the master password is the algorithm in my brain. You could try to get 2-3 of my existing passwords and reverse engineer my algorithm, but in the words of Liam Neeson: "Good luck"

[Svenstaro]

Well there's this https://spycloud.com/