Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

How is this different from having one password for all sites? If I break the master password I gain access to everything.


If you use one password for all sites:

* if password hashes from any site you use leak and they’re weak, you’re compromised everywhere

* if any site is or becomes malicious and its operators/hackers read your password, you’re compromised everywhere

This approach (maybe not implementation – its hashing is kind of weak) is fine if your master password is strong enough, which it should be.


If the database of a site gets stolen it makes it a little harder to break your master password.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: