Hacker News new | past | comments | ask | show | jobs | submit login

>> We can't expect people to use password managers (they're complicated and then centralize everything into a single point of failure).

> What about you load a site, get an HTTP 401 response, your browser sends back an auth header with a password generated for that domain name, based on some secret global key/password.

You essentially describe a password manager with deterministic password generation. It has all the upsides and downsides of a regular one, except migrating passwords is harder (you need to change them instead of storing them).

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact