I feel like most of the complaints here are about stateless password managers/generators in general. If not being able to change your master password is an issue to you, then this type of password manager is not for you. The cryptographic arguments seem more valid and worth considering if you plan to use this. I was planning to build something very similar to this as I came to the same conclusions as the creator of LessPass, that the existing solutions are not satisfactory for my use case.
My current choice in software of this type is Twik (https://github.com/gustavomondron/twik) because it has an Android app available from F-Droid and an extension I can install in Chromium. The browser extension is especially good but not without faults. For daily use I find this adequate but I find myself in situations where I need to access a password outside of a browser or my phone which is a huge pain. Other drawbacks include no ability to change or bump the password to a new one without creating a new profile. Keeping my phone and computer in sync is also slightly annoying as you need to manually copy the UUID (long-ish complicated string) which is used to identify each profile.
I think a lot of these issues could be overcome by relatively simple solutions just by applying some sensible design without going all in and trying to be everything at once like LessPass is. If, for example, Twik generated QR codes for its profile keys which you could scan in the mobile app, it would speed things up massively. If it had a compatible CLI interface and a macOS menu bar application, it would be fantastic.
I'd also rather not bother with creating an account with another service just to sync my password version numbers and silly password rules that sites implement. The ability to self-host LessPass is nice but do I really need to bother with this? What's wrong with syncing this information in a simply formatted, maybe also encrypted, text file with services I already use such as Dropbox or Google Drive? Also, why is the default password length 12 characters? It's a small gripe but I thought the whole point of using software like this was to enforce good password practices.
I think https://getvau.lt/ gets pretty much everything right other than having to remember the rules of each password every time you generate it which, for me, isn't much better than remembering different strong passwords for multiple sites.
I've been hoping for some time that somebody would create a solution that I feel makes sense so I was excited to see this post but unfortunately it seems to have too many drawbacks for me personally to incorporate into my daily life. The open source nature of a lot of these products is very helpful and will hopefully reduce the effort I will have to eventually put into building a solution that gets out of my way.