spb|9 years ago
While I first wrote an article about the absurdities of information security [in 2011][1], this specific extension is an idea I've had since [June 2015][2] - due to the absurd nature of the idea, I wanted to launch it on April Fools' Day, but that ended up causing it to be [dismissed as a joke out of hand altogether][3], so I figured I'd wait a day before posting it to Hacker News.
While the premise of the extension sounds like a joke, it's legitimately a good idea, and [one others have had independent of this][4]. I explain some of the thoughts and motivations behind NilPass's design here: https://nilpass.com/seriously/
[1]: http://www.cracked.com/article_18962_5-things-we-all-do-that...
[2]: https://github.com/nilpass/nilpass-branding/commit/6090b5cc9...
[3]: https://www.reddit.com/r/netsec/comments/62sgrp/presenting_n...
[4]: https://rempel.world/passwordless-method.html
tscs37|9 years ago
I see an incredible weak point: Your email account becomes your only defense, meaning the password on it must be strong and you still need to remember it. And you need 2FA.
Not that this is not the case already, email accounts are already important.
timvdalen|9 years ago
Even if you use a different strong password for all sites, if a site offers a password forgot function, your email account is still the weakest link.
jszymborski|9 years ago
I wouldn't try to encourage the broken "Forgotten Password" protocol... it's usually the softest target of authenticating on the web.