
Rury | 11 months ago

A master password (e.g. to access a password manager) needs to be both remembered and stored somewhere (i.e. the password manager, not your brain). A secret heuristic doesn't, and so is more secure simply by not also being stored somewhere outside your brain.

commandersaki | 11 months ago

Depends on the implementation. For example, with 1Password it is not stored anywhere unencrypted; it is derived with a slow password hash and mixed with a secret key (this part is stored) to unlock your vaults. You can't access your vault without both.
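
What "derived with a slow password hash and mixed with a secret key" can look like, as an added example that is not 1Password's code and not its published specification: the shape of the scheme (PBKDF2 of the master password XORed with an HKDF output of a stored secret key, plus an HMAC verifier so the client can tell a correct unlock from a wrong one), the iteration count, and every sample value (salt, secret key, password, vault id) are assumptions chosen for illustration. The point it shows is that a stolen server-side record plus the right password still fails without the secret key, and vice versa.

```python
import hashlib
import hmac

# Illustrative two-secret key derivation. This is an added example and an
# assumption about the shape of the scheme, not 1Password's published
# specification: the vault key is the XOR of a slow hash of the master
# password and an HKDF output of the stored secret key, so a stolen vault
# blob (or a leaked password alone) is useless without the other half.

PBKDF2_ITERATIONS = 200_000  # "slow password hash" parameter; production uses more

# Constructed sample values, fixed so the example is deterministic.
SAMPLE_SALT = bytes.fromhex("6f7f2b1e9c3a4d5e8a1b2c3d4e5f6071")
SAMPLE_SECRET_KEY = bytes.fromhex("a3" * 16 + "5c" * 16)  # 32-byte device-held secret
SAMPLE_MASTER_PASSWORD = "correct horse battery staple"
SAMPLE_VAULT_ID = b"vault-0001"


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes) -> bytes:
    """One-block HKDF-SHA256 (RFC 5869): extract, then a single expand step."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


def derive_vault_key(master_password: str, secret_key: bytes, salt: bytes) -> bytes:
    """Mix the slow-hashed password with the secret key; both are required."""
    pw_part = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=32
    )
    sk_part = hkdf_sha256(secret_key, salt, b"secret-key")
    # XOR keeps the full entropy of either input: knowing one half tells you
    # nothing about the vault key without the other.
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


def key_verifier(vault_key: bytes, vault_id: bytes) -> bytes:
    """Stored beside the vault so a client can tell a correct unlock from a wrong one."""
    return hmac.new(vault_key, b"verifier:" + vault_id, hashlib.sha256).digest()


def create_vault_record(master_password: str, secret_key: bytes) -> dict:
    """What the server keeps: salt, vault id and verifier, never the key inputs."""
    key = derive_vault_key(master_password, secret_key, SAMPLE_SALT)
    return {
        "vault_id": SAMPLE_VAULT_ID,
        "salt": SAMPLE_SALT,
        "verifier": key_verifier(key, SAMPLE_VAULT_ID),
    }


def unlock(record: dict, master_password: str, secret_key: bytes) -> bool:
    """Unlock succeeds only when password and secret key are both correct."""
    key = derive_vault_key(master_password, secret_key, record["salt"])
    return hmac.compare_digest(key_verifier(key, record["vault_id"]), record["verifier"])


def breach_scenarios() -> dict:
    """Outcomes for an attacker who stole the server-side record and holds some inputs."""
    record = create_vault_record(SAMPLE_MASTER_PASSWORD, SAMPLE_SECRET_KEY)
    wrong_secret = bytes(32)  # attacker guesses or lacks the secret key
    return {
        "both_correct": unlock(record, SAMPLE_MASTER_PASSWORD, SAMPLE_SECRET_KEY),
        "password_only": unlock(record, SAMPLE_MASTER_PASSWORD, wrong_secret),
        "secret_key_only": unlock(record, "password123", SAMPLE_SECRET_KEY),
    }


if __name__ == "__main__":
    for scenario, ok in breach_scenarios().items():
        print(f"{scenario:16s} -> {'unlocked' if ok else 'locked'}")
```

The reason the second input matters for a server-side breach is that an attacker holding only the stolen record and verifier would otherwise be able to run an offline guessing attack against the master password alone; with a high-entropy secret key mixed in, that attack also needs the secret key, which lives only on enrolled devices.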

Rury | 11 months ago

You asked what the difference was. Simply put, you can't hack what does not exist. LastPass also stores passwords encrypted and was hacked.

In other words, no matter how well 1Password handles the storing of your master password (encrypted/decentralized or whatnot), the fact that it does is inherently less secure than something that doesn't store anything at all, as is the case with a secret heuristic.