antelle
commented
7 years ago Hm, the idea of generating passwords based on website and username is not compatible with password managers. What is your vision of the implementation?
Closed renatn closed 7 years ago
antelle
commented
7 years ago Hm, the idea of generating passwords based on website and username is not compatible with password managers. What is your vision of the implementation?
ret2src
commented
7 years ago Apparently the deterministic hash-based approach of LessPass is, for various reasons, not a good idea for passwords.
I would highly recommend doing thorough research on the security of the LessPass-approach before implementing it, since such a feature might give users a false perception of security.
For a more in-depth discussion listen to Steve Gibson's "Security Now!" Podcast, Episode 585 - for a transcript see https://www.grc.com/sn/sn-585.pdf#page=10
antelle
commented
7 years ago @christian-titze that's what I mean. let's close it: it should not be implemented in password managers. At least as built-in function. Maybe as a plugin, if anyone prefers weaker passwords
I think this is good idea https://blog.lesspass.com/lesspass-how-it-works-dde742dd18a4#.ywqueqjid