this post was submitted on 15 Jun 2023
0 points (NaN% liked)

Technology

37737 readers
420 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

It sounds like a cool concept, but I can't see anyone migrating to this service since there is no logical way to import your current passwords.

Am I missing something?

top 10 comments
sorted by: hot top controversial new old
[–] ollien@beehaw.org 0 points 1 year ago (1 children)

The idea of a security tool using the same name as one of the most serious security vulnerabilities of the last decade is very funny, lol.

[–] imaginary@feddit.de 0 points 1 year ago

Haha, I didn't even make the connection. But that's just great.

[–] Esca@lemmy.one 0 points 1 year ago* (last edited 1 year ago) (1 children)

So basically a fancy hashing algorithm to get the same password for the same information you give it. Neat idea but I am not convinced yet.

If your Spectre secret gets somehow leaked (and your full name could easily be found), that's immediately all your current and future passwords leaked. Now, this would in theory also be a problem with regular password managers that live in the cloud. Though smart ones hopefully add 2FA or similar before they let their users log in. For offline password managers the hacker would need your secret + database to get your password. That's a lot harder. Spectre takes one of those items away, because the 'database' is their algorithm which literally runs on their webpage. All they need is a single password.

What if a site you use leaks your password and you have to change your password for that site only? Spectre won't help you with that, as it will still give you the (burned) password. So you manually have to remember which sites use Spectre for passwords and which ones don't.

Have any services that have been provided to you with a set password you can't change (eg: some service your job uses), Spectre won't help you with this as it won't hold any custom passwords. Have any weird services that requires a specific length and/or forbidden characters Spectre does? Good luck, Spectre can't help you here either. It's not a password manager.

[–] imaginary@feddit.de 0 points 1 year ago (1 children)

and your full name could easily be found

I think they are only talking about your username, not your actual name.

What if a site you use leaks your password and you have to change your password for that site only? Spectre won't help you with that, as it will still give you the (burned) password.

That is something I immediately thought about, there is no way to change a single password. All or nothing.

Good luck with hundreds of passwords that would need changing.

[–] imaginary@feddit.de 0 points 1 year ago

Nevermind. They are looking at your real name after all.

[–] Mothra@mander.xyz 0 points 1 year ago (1 children)

All these people exchanging opinions and information about password manager options and me... Funmbling with the paper booklet I've been using to track my passwords for the last decade

[–] imaginary@feddit.de 0 points 1 year ago (1 children)

I am curious. Without going much into detail to compromise your passwords obviously.

But how do you come up with a good password, and how long are they typically for you?

[–] Esca@lemmy.one 0 points 1 year ago* (last edited 1 year ago) (1 children)

I'm not the person you're replying to but I have a fun answer for how I did it before I moved to password managers.

I used to have just a single password, normal-ish password. Reasonable length, some numbers in there, random caps. But in order for me to have unique passwords on every site without losing track of all the passwords, I added the first and last letter of the name of the service at a specific point inside the password. My password was cryptic enough that if you would see it you wouldn't immediately notice it. But for me it meant I had a single strong password that was easy to remember and unique for every service.

I'm still kind of proud of that one, even though I don't use that method anymore.

[–] imaginary@feddit.de 0 points 1 year ago

I like that style.

I've only used the "standard" ! at the end of an password and maybe put a 3 for an e.

In hindsight terrible terrible idea, but then again that was a long time ago and in simpler times.

[–] aksdb@feddit.de 0 points 1 year ago

Calling this "manager" seems a bit of a stretch. What exactly does it manage? It only seems to derive passwords. Unless I have a database I can search in (and get convenience shit like the information how old or weak existing passwords are or maybe even which sites have been compromised in the meantime), I would not call it a manager.