DEV Community

Discussion on: What's The Name of This Password Management Technique and is it a Good Idea?

Phil Ashby

Effectively you are making your master password a little longer? It also protects slightly against a technology failure of the password manager (LastPass anyone?), while potentially making it difficult to use autofill.

Perhaps there is a variant solution - where part of the master password is used to unlock the database, and part is held in memory (transiently, never stored) to be appended or blended (XOR'ed?) with the stored passwords before they are used or displayed? Might be an interesting PR for the KeePass(XC) teams!

Also - good XKCD reference 😄
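
The variant described in the comment above, as an added example that is not part of the original discussion and not KeePass or KeePassXC code: the memorised part of the secret derives a per-entry mask that is XOR'ed with each password before it is stored. The PBKDF2 derivation, the iteration count and the function names are assumptions made for illustration.

```python
import hashlib

ITERATIONS = 200_000  # assumed work factor, slows guessing of the memorised part


def _mask(memorised: str, entry: str, length: int) -> bytes:
    """Derive a per-entry mask from the part of the secret that is never stored."""
    # The entry name serves as the salt, so identical passwords saved under
    # different entries are masked differently.
    return hashlib.pbkdf2_hmac(
        "sha256", memorised.encode(), entry.encode(), ITERATIONS, dklen=length
    )


def blend(password: str, memorised: str, entry: str) -> bytes:
    """Return the masked bytes the database would store instead of the password."""
    data = password.encode()
    return bytes(a ^ b for a, b in zip(data, _mask(memorised, entry, len(data))))


def unblend(stored: bytes, memorised: str, entry: str) -> str:
    """Recover the password in memory, just before it is used or displayed."""
    mask = _mask(memorised, entry, len(stored))
    # A wrong memorised part raises no error; it just yields a different string.
    return bytes(a ^ b for a, b in zip(stored, mask)).decode(errors="replace")


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    stored = blend("correct horse battery staple", "tr0ub4dor", "example.com")
    print(stored.hex())
    print(unblend(stored, "tr0ub4dor", "example.com"))
    print(repr(unblend(stored, "wrong guess", "example.com")))
```

The masked value keeps the password's length, and XOR masking adds no integrity check; it sits on top of the database encryption rather than replacing it.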

Benjamin Bryant

Yeah, I think so. Someone on Twitter called it 'hash salting', but I think that involves the manager itself adding something so two of the same password aren't encrypted the same way. (I say as if I know what I'm talking about xD)

Whereas this is keeping the 'salt' in your own head and adding it when you log in anywhere.

But yes, it would stop autofills, because you'd always have to do the manual step. Which is a bit of a drawback.

The variant solution sounds interesting and perhaps something I could look into, just for fun.