How well does that scale to more than a handful of passwords? I currently have around 400 in my password manager. Your documentation says:

> If you need to change all of your passwords, change the sentence.

Note that this works the other way, too: unless you are changing all your passwords, you cannot change the sentence. Since it is extremely unlikely that I'd ever want to change all 400 passwords at once, in effect that means I'm never going to be able to change the sentence. All password changes, then, will be done by changing the per-site word. The documentation suggests:

> Use a different word for different sites. Be consistent with case (e.g. google, facebook, twitter, etc.)

OK, that's easy for the initial password, but what happens when I want to change my Google password and have to change the word? The obvious approach is to change it to "google2", and the next time change it to "google3", and so on. Am I expected to remember what variation each of my 400 sites is on? That's probably not practical for most of us, so I'm going to have to have that stored somewhere, and am going to need that storage available to me whenever I need to reconstruct a password, so I need it stored some way that syncs across my devices.

Your document lists not having the burden of storage as an advantage of the generated password approach, but I don't see how to deal with remembering the words without having storage. The burden of storing the words, or storing the version suffix of the words, is less than that of storing encrypted passwords because it isn't as bad if they get out, but it is still a burden.

The document says of password manager master passwords:

> This "master password" is a weak point. If the "master password" is exposed, or there is a slight possibility of potential exposure, confidence in the passwords are lost.

Exposure is also pretty big if the sentence for password generation gets exposed.

I think most people are going to use words for sites that are simple, like the ones given as examples in the documentation ("google", "facebook", "twitter"). If I'm able to get someone's sentence, there is a good chance I'll be able to guess their words for a lot of major services.

It seems to me that the main security advantage this approach has is that it is not using a browser plugin, so for a remote site to compromise it they are going to have to find a way to spy on the user when they are typing in the master sentence. For something running in the browser to do that, it's going to have to both find a bug in the browser that lets it get past the browser's security, and find some exploit in the OS that lets it, once it escapes the browser, get past the operating system's security that protects processes from each other.