Hacker News

The problem I was trying to solve is that of the many people who use the same password and email everywhere, and who won't use a password manager or feel it's too complicated to install or use, etc.

The email addresses are not as sensitive as passwords. Sure, if someone gets hold of all of them AND your master password, you're in trouble. But the same goes for getting your password manager file and the password for it.

The difference is you don't need password manager software. You can store this list anywhere that is reasonably safe.

-----

Your scheme is no easier to implement than having a different password for each website. You have effectively moved part of the password out of the password and into the email address.

-----


It is only easier in the sense of not having to install or use a password manager, and that the email addresses themselves are not as sensitive as the password.

As with everything security related, there is a trade-off. I'm not saying it's more secure, but it can be more convenient in certain circumstances and for certain people.

A password manager is more secure (if the master password and the manager software are safe). A unique email address + unique password with a password manager even more so. Two-factor authentication even more... and so on...

It's just a question of options/priorities. This is still a valid option in my opinion which might work well for some people who don't want / can't use a password manager, but can handle a list of random email addresses...

-----



