by brownbat 5185 days ago
I use a password locker. The only downside is that it makes setting up new accounts or changing passwords on an existing account slightly harder, which decreases usability and security a bit, respectively.

Someone should RFC a common password API, so password lockers can query the password rules and set up a new account or change the password on an existing account in the background while I browse.

You might worry that this would increase the attack surface, or push people towards a single point of failure, but I think ending password reuse and simple passwords could make for a healthy net gain if you carefully designed the protocol with security in mind. (Throttling and preventing account enumeration would be two key issues, but they could be overcome.)