Technology

37608 readers

273 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago

MODERATORS

[email protected]

Spectre: A password manager that doesn’t store passwords (4sysops.com)

submitted 1 year ago by [email protected] to c/[email protected]

31 comments fedilink hide all child comments

It sounds like a cool concept, but I can't see anyone migrating to this service since there is no logical way to import your current passwords.

Am I missing something?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 1 year ago (1 children)

I don’t think passwords have to be changed very often. When you use a password manager and 30 character random generated passwords (or why not 64 characters or even more if the site allows it) separately for each site. If there isn’t a breach: why should I change the password?

That’s a singular used very complex password which only my password managers knows changed against another singular used very complex password which only my password manager knows.

If it is long enough, even brute force shouldn’t be a problem if someone is trying every single combination possible for 30 or more characters (where he doesn’t know how much characters he has to find). 🤷‍♂️

[–] [email protected] 2 points 1 year ago

Often is probably a bad way to phrase it, but there is a reason TLS certificates are changed regularly. Generally this isn't a big concern if you are the sole user and a set of known devices are used. Once you start handing passwords to others to use (such as is common in corporate environments) the problems being to show. Resetting the password is just a sure fire way to revoke access to anyone that may of had access that shouldn't, for whatever reason.

You are correct though, that as long as the password isn't being used on public terminals or in areas it might be compromised, it's generally secure.