

Stop using bad passwords. Start using Vault. - adambom
https://getvau.lt/

======
jlgaddis
A couple of things:

1\. add an "avoid ambiguous characters" option (is that an "l" or a "1", an
"O" or an "0", etc.).

2\. encouraging people to type or generate passwords into/from random web
sites is a bad idea -- perhaps even making the problem worse instead of
solving it.

3\. who's your target audience? The tech community already understands this.
Is it my mother, the average user? She'd use this exactly once and then forget
it. Why? "getvau.lt". While that's "cute" and us techies love crap like that,
all Joe User knows is .com. When he tries to come back to the site tomorrow,
he'll type in "getvault.com" or (more likely) "get vault" or "getvault", end
up somewhere else, and never use your service again.

HTH.

------
cmwelsh
KeePassX and MiniKeePass are working well enough here, plus they are open
source software that one can install on his or her computer or iPhone.

I keep my database on Dropbox for availability on multiple devices.

~~~
jlgaddis
Yep, I started using KeePassX years ago and love it. About a year ago I
switched to LastPass because it is just so damn convenient, even though I know
I probably shouldn't be using a password manager that stores my passwords "in
the cloud" (again, it's so damn convenient). I am, however, trying to switch
back to KeePassX but it's harder to use since I've stopped using Dropbox, et
al., as well.

------
roywiggins
Neat, but SuperGenPass does this better: it has a bookmarklet with configurable
salt, and it's based off the domain name, not the service, so you can't get
into ambiguities (Gmail, GMail, gmail?)

[http://supergenpass.com/](http://supergenpass.com/)

That said, the option for disallowed characters is nice.
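
An added illustration (not part of the thread, and not the algorithm of Vault or SuperGenPass) of the two points raised above: keying a derived password on a normalized domain instead of a free-text service name, and emitting only characters that cannot be confused with each other. PBKDF2-HMAC-SHA256 and every function name here are assumptions chosen for the sketch.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed alphabet: letters and digits minus the look-alikes l, 1, I, O, 0.
LOOKALIKES = "l1IO0"
ALPHABET = "".join(
    c for c in "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    if c not in LOOKALIKES
)

def normalize_domain(site: str) -> str:
    """Reduce a URL or bare host to a canonical lower-case host name."""
    site = site.strip()
    if "//" not in site:
        site = "//" + site  # make urlsplit treat a bare host as the netloc
    host = (urlsplit(site).hostname or "").rstrip(".")
    if not host:
        raise ValueError("no host name in input")
    # Assumption: only a leading "www." is dropped; no public-suffix handling.
    return host[4:] if host.startswith("www.") else host

def _derive(master: str, context: str, salt: str, length: int) -> str:
    """Stretch master+context with PBKDF2 and map bytes onto ALPHABET."""
    key_salt = f"{salt}|{context}".encode()
    limit = 256 - 256 % len(ALPHABET)  # reject bytes >= limit: no modulo bias
    size = 4 * length
    while True:
        stream = hashlib.pbkdf2_hmac("sha256", master.encode(), key_salt,
                                     100_000, dklen=size)
        chars = [ALPHABET[b % len(ALPHABET)] for b in stream if b < limit]
        if len(chars) >= length:
            return "".join(chars[:length])
        size *= 2  # PBKDF2 output is prefix-stable, so this stays deterministic

def password_for_label(master, label, salt="", length=16):
    """Free-text service name used exactly as typed (the ambiguous variant)."""
    return _derive(master, label, salt, length)

def password_for_domain(master, site, salt="", length=16):
    """Site password keyed on the normalized domain."""
    return _derive(master, normalize_domain(site), salt, length)

if __name__ == "__main__":
    m = "constructed master passphrase"  # sample value, constructed
    for name in ("Gmail", "GMail", "gmail"):
        print(name, password_for_label(m, name))
    for site in ("https://www.Example.com/login", "example.com"):
        print(site, password_for_domain(m, site))
```

Run as a script, the three spellings of the label print three unrelated passwords, while both forms of the site address print the same one.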

~~~
Casseres
"The SuperGenPass UI is rendered within the DOM of the current page when you
click the bookmarklet. The UI is where you enter your master password. And
because the UI is part of the current page, any script running in the page can
read your master password. Remember that script can be external too, as in
advertisements or widgets of some kind." -
[http://akibjorklund.com/2009/supergenpass-is-not-that-secure](http://akibjorklund.com/2009/supergenpass-is-not-that-secure)

There are even a couple of demos:

[http://akibjorklund.com/files/2009/10/supergenpass-vulnerabi...](http://akibjorklund.com/files/2009/10/supergenpass-vulnerability-demo.html)

[http://akibjorklund.com/files/2009/10/supergenpass-vulnerabi...](http://akibjorklund.com/files/2009/10/supergenpass-vulnerability-demo-2.html)

I tested both demos with the latest version of SuperGenPass (2.01) from
[http://supergenpass.com/](http://supergenpass.com/)

