Aft3rmath - Profile

Aft3rmath
Forum title: Forum Member
Joined: Oct 2019
Posts: 3
Thanks: 0
Thanked: 0
Latest activity: 10th Oct 2019 2:42pm


Recent Posts

Hi Ful-ton Forklifts,

That is correct, though you still have to remember the keyword (I assume you can't forget your email and website).

I just don't get how you think it can help to solve the corporate spam problem?

That's the problem, isn't it? You have to store all these passwords somewhere! And then remember the password for that storage...

Well, actually no. Have you heard about stateless password generators (managers)?

They use a different approach. Nobody stores the passwords.

How it works is that they have a hash function which uses some user input (login, website address) together with the master password (the only password you need to remember). The output of the function is a cryptographically secure password. If you change any input, the output changes; but as long as the input stays the same, the output is the same too.

So, basically, when you need a password, you just get to the app or a website of a generator (most of them work offline as well), input all your data and get a password.

These generators have some good points (they are free; you don't have to trust anyone to store passwords for you; they don't depend on any physical file, so they are practically available 24/7 from any device) and cons as well (which are well highlighted here).

Anyway, I think these tools are much better than using no tools at all.

I can personally recommend Getpass as an example of a stateless password generator, because I had the pleasure of reviewing its source code for a research project and found it fine.
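As an added illustration of the scheme this post describes (example code written for this page, not Getpass's code or any forum member's), a minimal stateless generator in Python. The KDF choice (PBKDF2-HMAC-SHA256), the length-prefixed field encoding and the rotation counter are my own assumptions; the counter is the extra input such tools need so one site's password can be changed after a breach without changing the master password.

```python
import hashlib
import string

# Assumed password alphabet (letters, digits, a few symbols); a real tool
# would let the user pick a per-site character set to satisfy site rules.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def _enc(field: str) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot
    # produce the same salt bytes.
    raw = field.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def derive_password(master: str, site: str, login: str, counter: int = 1,
                    length: int = 20, iterations: int = 200_000) -> str:
    """Deterministically derive a site password from the master password.

    Nothing is stored: the same (master, site, login, counter) always yields
    the same password, and changing any one of them yields a different one.
    The site, login and counter are effectively public, so the master
    password alone carries the security and must resist offline guessing;
    the slow KDF only raises the cost of each guess.
    """
    salt = _enc(site.lower()) + _enc(login) + counter.to_bytes(4, "big")
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                              iterations, dklen=32)
    # Map the 256-bit key onto the alphabet by repeated division; with a
    # 256-bit integer and 20 characters the modulo bias is negligible.
    n = int.from_bytes(key, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    first = derive_password("correct horse battery staple", "example.com", "alice")
    rotated = derive_password("correct horse battery staple", "example.com", "alice", counter=2)
    print(first, rotated, first != rotated)
```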

Hi Rebecca,

“Without sounding too stupid here, what can you actually do about the 'breaches'? Just reset all your passwords just in case? Feels a little extreme. I mean there must be hundreds and I could easily miss the right one...”

What you can do is have a strong password. Since most trustworthy companies store customers' passwords hashed and salted, having a strong password exponentially increases the time needed for a hacker to reverse the hash to get your password. So even if there is a breach, they will just have a hash of your password (which is practically useless).