skylab/MasterPassword
2
0
Fork 0
Code Releases Activity

Added a new introduction video to the Master Password website.

Browse Source
This commit is contained in:
Maarten Billemont
2014-10-06 22:03:18 -04:00
parent a18793b161
commit 480e7f192a
11 changed files with 91 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Site/2013-05/what.html
View File

@@ -154,6 +154,14 @@
<p>Two factor authentication is defined as authenticating yourself with two methods that are so distinct that a single attack cannot compromise both. Many sites claim to use two-factor authentication but actually rely only on an extra password hidden in an app on your phone or computer. If an attacker can steal your master password, he can probably download the hidden password too. Or read in your two-factor response while you're typing it in. On top of that, you're using a password manager: after your "two-factor" authentication, you get a single password to perform another one-factor authentication with a site. As a hacker, I'd go for the weakest link to break your chain.</li>
</ul>
<h2>You speak of trust, how can I trust you?</h2>
<p>A very valid question, and arguably the most important one to ask!</p>
<p>Trust is a very difficult thing to guarantee. Powerful entities will sollicit your trust by appearing with it and coming well recommended. Trust can also be assured by legalese or contracts. If you have the means and energy to hold an entity responsible for his claims and actions, this might be sufficient for you.</p>
<p>Most of us mere mortals cannot affort this level of trust enforcement, however. We're mostly left in the position of trusting claims blindly, in the hopes that companies will not violate those claims for fear of taking a seizable public-relations hit.</p>
<p>I propose that none of these forms of trust are sufficient adequate.<br />
In fact, Master Password is what it is because it aims to avoid any requirement of trust in the solution's author. Master Password requires no services or proprietary storage format. I've published Master Password's algorithm for you to inspect and licensed to you the full source code to the implementations for you to use.</p>
<p>What that gives you, is the ability to either inspect and learn how Master Password works or to take this information to a professional (be it an academic, mathematician or payed developer) and have him do this for you.
</div>
</div></section>