Master Password is an algorithm used to generate unique passwords for websites, email accounts, or anything else based only on easily reproducible input.
The goal is a process that avoids all the problems involved with other password solutions.
The Master Password algorithm is open: this page describes its inner workings in detail. We believe the following is an important lesson we should all learn: Regardless of how much encryption a solution claims, if you don't know how it works, you cannot assume it is secure (at least, not the kind of secure you care about).
+The Master Password algorithm is open: this page describes its inner workings in detail. We believe the following is an important lesson we should all learn: Regardless of how much encryption a solution claims, if you don't know how it works, you cannot assume it is secure (at least, not the kind of secure you care about).
The Password Problem
Passwords are used to authenticate you to someone else. That means, convince someone that you really are who you say you are. The theory is that when you two are the only ones that know a certain secret word, then the other party can be certain of your identity when you prove to them you know the secret word.
-Authentication using passwords is pretty good in theory but fails when the password is either: +
Authentication using passwords is pretty good in theory but fails when the password is either:
- Easily guessed by an impersonator.
- Known by others. @@ -89,7 +89,7 @@
- Vaults need to be backed-up to avoid the risk of complete identity loss.
- Vaults need to be kept nearby and in-sync across the your devices or you won't always be able to access the password you need. @@ -101,10 +101,10 @@
- Your passwords cannot be found in a file. -
- Your passwords cannot be intercepted during transport. +
- Your passwords cannot be found in a file or even a backup. +
- Your passwords cannot be intercepted during sync.
- You don't need to trust a third party with your secrets.
- You can't lose your passwords.
Password Solutions
To help with these problems, there are a bunch of apps available that remember your passwords for you. They accomplish this by saving your passwords in an encrypted vault or by sending them off to a cloud server.
-These approaches are very helpful, but they come with a few very important downsides: +
These approaches are very helpful, but they come with a few very important downsides:
Solving Availability
Losing all your passwords or other password availability issues are frustrating and sometimes even disastrous.
Master Password solves this problem by being a stateless solution. That means that no information needs to be saved in order for the program to be able to give you your password again in the future.
-Since Master Password doesn't save your passwords and doesn't send them anywhere, it avoids the following risks: +
Since Master Password doesn't save your passwords and doesn't send them anywhere, it avoids the following risks:
-
-
Security Without Worries
Coming up with good passwords is hard. Remembering them, even harder. Passwords deter and distract us from what we really want to do.
Master Password gives you secure passwords to use, and the assurances that you cannot lose them. Now you can stop worrying about how to make your new account secure, forget about passwords, and get on with what you wanted to get done in the first place.
+Moreover, unlike other password solutions, your passwords are ubiquitous and always available from anywhere but also never leave your device. They are not saved in the cloud or a vault, which means there's no risk of government tracking or trusting cloud providers.