Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Not-so-good good idea?

Given that you already have dozens of site with their own passwords, you just can't import your passwords, but you need to change all of them to start using lesspass first.

Also, if the way the generation of passwords works changes later (i.e. bug), then the users are stuck with a version, or the bug is never fixed, ever.



You are right. I made me similar tool. It just made MD5 out of mater password and service name.

You suddenly realize how many services have special rules you can't fit in. So for each service, I had to remember master password, which "url" i used (gmail.com or mail.google.com?) and which restrictions apply. Usually they did not allow me so long password. Sometimes I was limited to 16, sometimes 12 chars.

After big password leak (heartbleed), I had to setup second master password for all affected service.

So, no. No more sync-less state-less password managers for me.


Isn't that what the hosted profile is for?


There are a lot of reasonable complaints in the comments, but "you need to change your passwords when changing to this service" is actually not one. You want to do that anyway from time to time, and when you are using a new password manager is actually a great time.


If you want to change your passwords from time to time, as you say, then this system isn't going to suit you, because it only ever generates one password for each site.


You could change your master password from time to time and you chould increase the counter (which changes your password) for a given site from time to time.


It's also really shocking to see just how many accounts the average person amasses. My KWallet had some 250 entries at peak times.


You could just put the Algorithm or the version into the configuration. That would at least allow a gradual migration.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: