[wesley]

Some kind of automated solution to handle this would be nice. Think 1password with automated password changes daily.

How hard can it be? It can already log in by itself, now it just needs to know the page where you can change your password.

[nwh]

> How hard can it be? It can already log in by itself, now it just needs to know the page where you can change your password.

The main issue is; scraping is hard and breaks at the drop of a hat. Sure you could script hourly password changes if you wanted to, but as soon as the host service modifies their forms a little, the whole system breaks and you could possibly be locked out of your account.

[AlexeiSadeski]

Then the Feds will just get the info straight from 1password - or whichever password manager implements such a plan.

Really, the only solution to this kind of thing is offshore corps.

[a3n]

No, the only solution is offline data.

The only reason any of this is an issue is because we have our data and communication in the internet. That's what makes mass surveillance possible.

If you keep your data off the internet, then you're only at risk of individual surveillance. But even that's difficult; stuxnet demonstrated that even air gapped computers are at risk, because we move data around on usb sticks and the like.

So, speech and paper, or human memory, are the only really secure media.

As for all the apps we carry around in our pockets ... do you really need instant online access to your bank balance over the internet on the bus? We used to carry around checkbooks and make entries in the register. If you really need to know your balance 24/7, carry a register booklet, or a moleskin. Then you don't have to wonder if Mint et al. are giving up your passwords.

Opt out.

[wesley]

So really what we need is some kind of API design that allows for password changes that all websites should adopt. Of course that's never going to happen...

Still, if 1password made scraping work for the biggest sites out there (google, microsoft, etc) then that in itself would already be worthwhile.

[Styn]

1Password doesn't store your passwords, it generates them on the fly. You would need to hand over your encrypted password storage and your passphrase. Both of which 1Password has no control over.

[nwh]

That's not entirely correct.

1Password is a local, encrypted store of known passwords. Nothing is generated, except for the original passphrases themselves, which are completely random (not from a seed).

[Styn]

Yeah, I was a little too quick in writing that. What I meant to write was that 1. passwords are stored locally and 2. you have the option to generate passwords with predefined complexity parameters. It would be possible to use this password generating feature to update your passwords automatically at a set interval.