Salting Passwords in Password Manager - How To Trust a Password Manager
HTML-код
- Опубликовано: 6 фев 2025
- I don't trust password managers is the most common response I get from people. To get over this fear I show them about salting their passwords in their password manager.
Read more about it here... passwordbits.c...
Simple + Effective = Genius
Here's the downside to salting (or some would say "peppering" is more appropriate as password salting happens on the OS/server side, peppering happens by the user at input):
Password managers are often utilized as a password escrow system. e.g. each married couple has each other's master password in a sealed envelope in case they need access in case of incapacitation or death. If you choose to pepper passwords, you must also include the pepper in the "emergency envelope" which contains the master password (and unique key if the product uses one). That would make things a bit more restrictive as once you chose a master password (not often changed) AND you chose a pepper, then both go into the envelope but then you are forced to keep the pepper across all entries an not change it. You might want to have different peppers if you're that concerned, but now you've obviated one major purpose for having a password manager in the first place, so a trusted person could gain access at a later time.
love it! Will start doing this for important passwords.
Great idea. it is like a two step password sign in procedure. Now how to protect the master password?
someone else called this double blind passwords. great idea. bit inconvienent. especially when some passwords are like that and some aren't