by jrochkind1
4357 days ago

> None of these passwords are ever stored. The pass-phrase is not a master password to some stored list of passwords.

True... but what makes this method superior to simply having a master password to an (encrypted) stored list of passwords? What makes it more secure than that ordinary way of doing things? It seems to be less convenient in some ways (there are more things you have to remember), although perhaps more convenient in others (there is no password database to keep sync'd across multiple computers or to lose). But I don't think it's actually any more secure?

* Oh great, I forgot to sync my password list on my MacBook before I left the house with only my iPhone
* Oh great, my MacBook got stolen and my backups are all corrupted
* Oh great, my MacBook got stolen and I don't know the password to my backup service that has all my passwords because the password was stored on the machine that just got stolen

Yes, all solvable problems. But, essentially, if you can commit this algorithm to memory, you can always retrieve your passwords, no matter what hardware, backups, or 3rd-party systems go missing.