The idea of a security tool using the same name as one of the most serious security vulnerabilities of the last decade is very funny, lol.
Technology
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
Haha, I didn't even make the connection. But that's just great.
So basically a fancy hashing algorithm to get the same password for the same information you give it. Neat idea but I am not convinced yet.
If your Spectre secret gets somehow leaked (and your full name could easily be found), that's immediately all your current and future passwords leaked. Now, this would in theory also be a problem with regular password managers that live in the cloud. Though smart ones hopefully add 2FA or similar before they let their users log in. For offline password managers the hacker would need your secret + database to get your password. That's a lot harder. Spectre takes one of those items away, because the 'database' is their algorithm which literally runs on their webpage. All they need is a single password.
What if a site you use leaks your password and you have to change your password for that site only? Spectre won't help you with that, as it will still give you the (burned) password. So you manually have to remember which sites use Spectre for passwords and which ones don't.
Have any services that have been provided to you with a set password you can't change (eg: some service your job uses), Spectre won't help you with this as it won't hold any custom passwords. Have any weird services that requires a specific length and/or forbidden characters Spectre does? Good luck, Spectre can't help you here either. It's not a password manager.
and your full name could easily be found
I think they are only talking about your username, not your actual name.
What if a site you use leaks your password and you have to change your password for that site only? Spectre won't help you with that, as it will still give you the (burned) password.
That is something I immediately thought about, there is no way to change a single password. All or nothing.
Good luck with hundreds of passwords that would need changing.
Nevermind. They are looking at your real name after all.
All these people exchanging opinions and information about password manager options and me... Funmbling with the paper booklet I've been using to track my passwords for the last decade
I am curious. Without going much into detail to compromise your passwords obviously.
But how do you come up with a good password, and how long are they typically for you?
I'm not the person you're replying to but I have a fun answer for how I did it before I moved to password managers.
I used to have just a single password, normal-ish password. Reasonable length, some numbers in there, random caps. But in order for me to have unique passwords on every site without losing track of all the passwords, I added the first and last letter of the name of the service at a specific point inside the password. My password was cryptic enough that if you would see it you wouldn't immediately notice it. But for me it meant I had a single strong password that was easy to remember and unique for every service.
I'm still kind of proud of that one, even though I don't use that method anymore.
I like that style.
I've only used the "standard" ! at the end of an password and maybe put a 3 for an e.
In hindsight terrible terrible idea, but then again that was a long time ago and in simpler times.
Calling this "manager" seems a bit of a stretch. What exactly does it manage? It only seems to derive passwords. Unless I have a database I can search in (and get convenience shit like the information how old or weak existing passwords are or maybe even which sites have been compromised in the meantime), I would not call it a manager.