by Appnician
4350 days ago
Many commenters claim that pastor is not watertight, and that is of course 100% true. I completely agree! There is much room for improvement and I appreciate these comments very much. However, we all have an Achilles heel in our online security management strategies. I'm guessing that master email addresses, used to reset passwords and authenticate, and also smartphones are a much, much weaker link than a system like pastor, even when it is only used to generate parts of passwords and everything else is written down. Would you continue reading this comment if you suddenly became aware that you had no clue where your phone was and vaguely remembered putting it on some counter in some store somewhere? I even had to check the presence of my phone when writing that. Twice. Also there are a lot of integrated systems for managing passwords. Centralized paid services can of course sport far higher quality assurance, but pastor is a completely self-contained script that can be remembered and kept anywhere. By using a simple solution one removes a lot of the pitfalls that are present in more complex solutions. The weaknesses, which are always there in any system, can be more easily understood and managed.
When you need to change a password for some website, you'll have to add something to your "door id", e.g. a counter. Then you'll have to remember such counters for every website where you decide to change the password. Due to this I was a bit reluctant to change passwords, which is dangerous.
If you want simplicity, the simpler and more convenient solution is to keep an encrypted text file.
--
As for security, the best approach to deterministic password generators I've seen is this:
http://www.cs.utexas.edu/~bwaters/publications/papers/www200...
(Today you'll want to use scrypt as the hash, though).
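As an added illustration (not the pastor script and not code from the linked paper), here is a minimal deterministic generator in Python that uses scrypt as the comment suggests and folds the site name plus a per-site counter into the salt. The cost parameters, the output alphabet, and the function names `derive_site_password` / `rotate_password` are my own choices for the example:

```python
import hashlib
import string

# Constructed parameters for this example; pastor and the paper may use
# different encodings, alphabets and cost settings.
SCRYPT_N = 2 ** 14      # CPU/memory cost: 128 * r * N bytes = 16 MiB at r=8
SCRYPT_R = 8
SCRYPT_P = 1
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"   # 70 symbols


def _byte_stream(key: bytes):
    """Endless counter-mode expansion of the scrypt output: SHA-256(key || i).

    Cheap to compute and deterministic, so the rejection sampling below can
    never run out of bytes. All the expensive work stays in the scrypt call.
    """
    i = 0
    while True:
        for b in hashlib.sha256(key + i.to_bytes(4, "big")).digest():
            yield b
        i += 1


def derive_site_password(master: str, site: str, counter: int = 0, length: int = 16) -> str:
    """Deterministic per-site password.

    The site name and a per-site counter are part of the scrypt salt, so the
    same master secret yields an unrelated password when the counter is bumped.
    The only state the user has to keep is the (site -> counter) table.
    """
    if counter < 0 or length <= 0:
        raise ValueError("counter must be >= 0 and length > 0")
    # Normalise the site so "Example.com" and "example.com " agree. A NUL
    # separator keeps (site="a1", counter=2) distinct from (site="a", counter=12).
    salt = site.strip().lower().encode("utf-8") + b"\x00" + str(counter).encode("ascii")
    key = hashlib.scrypt(master.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    # Map bytes onto ALPHABET with rejection sampling: a plain `b % 70` would
    # favour the first 46 symbols because 256 is not a multiple of 70.
    limit = 256 - (256 % len(ALPHABET))   # 210: bytes >= 210 are discarded
    chars = []
    for b in _byte_stream(key):
        if b < limit:
            chars.append(ALPHABET[b % len(ALPHABET)])
            if len(chars) == length:
                break
    return "".join(chars)


def rotate_password(counters: dict, master: str, site: str) -> str:
    """Change a site's password: bump its counter and derive the new value.

    `counters` is exactly the bookkeeping the comment above complains about.
    It is not secret, but losing it means losing the current passwords.
    """
    counters[site] = counters.get(site, 0) + 1
    return derive_site_password(master, site, counters[site])


if __name__ == "__main__":
    master = "correct horse battery staple"   # constructed master secret
    counters = {}
    print("initial :", derive_site_password(master, "example.com"))
    print("rotated :", rotate_password(counters, master, "example.com"))
    print("counters:", counters)
```

The counter table is the price of determinism: without it the generator can only ever reproduce the first password for a site, which is the reluctance-to-rotate problem described in the comment. Storing that small table (it reveals nothing about the master secret) is the part an encrypted text file handles for free.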