hacks

Master Password: password manager that does not store passwords

Master Password is a free password manager that does not store passwords on the devices it is run on or in the cloud. The password manager uses a different system when compared to traditional password management programs, such as Bitwarden or KeePass.

Instead of saving user generated passwords in an encrypted database, it computes strong unique passwords using a single master password and the user’s name. Passwords do not get saved on the device or in the cloud, but the system that Master Password uses still supports usage on multiple devices without syncing.

Master Password for Android is a port of the iOS application of the same name. The original developer of Master Password published a revised version, called Spectre, in 2021 that is backwards compatible.

How Master Password works

Master Password computes all passwords on every start using the user’s selected master password and name. The method offers several advantages over traditional password managers.

One advantage is that there is no encrypted password database that may fall into the wrong hands. Other password managers store passwords in an encrypted container, which may be copied by malicious actors.

Since there is no password database, there is no need for synchronization or a cloud connection. Users just need to install the application on their other devices and use the same master password and user combination to generate the same passwords for the services that they are using. All of this happens offline, an Internet connection is not required.

The password manager generates a key from the username and master password to generate passwords for services. The service name, e.g., amazon or ghacks, is used in the computation, and a unique password is generated based on the data.

The beauty of the solution is that the user has to remember just a single master password and username. Service names are relevant as well, and most users may want to use the name of a company or domain for that

Users get a few configuration options when a new service password is generated for the first time. They add a unique name for the service and may specify the complexity of the password. The default is set to maximum security, which generates 20 character passwords that consists of letters, numbers and special characters.  Options to switch this to less secure passwords, a PIN or phrases are also provided.

Internet services may still get compromised and there is a chance that attackers may obtain user passwords. Master Password includes a site counter option, which allows users of the service to generate a new password for any of the stored services to replace the compromised one.

The application remembers the names of the services and, if added by the user, the login name. An attacker could, in theory, gain access to the app on the Android device if the right master password is entered during login. An ingenious feature of Master Password is that it accepts any other master password as well.

Master Password includes a number of convenience features. The app supports categories and notes, there is an option to import and export data, visualize password age, and to block the saving of the username that is used during sign-in.

Closing Words

Master Password uses a completely different approach to passwords. It does not store passwords but computes them using a single master password and username, and a custom name specified by the user for the service in question. The custom name is stored on the device, and import / export options allow users to transfer that data between devices or for backup purposes.

Now You: have you tried master password or a comparable app?

 

 

 

Thank you for being a Ghacks reader. The post Master Password: password manager that does not store passwords appeared first on gHacks Technology News.

gHacks Technology News 

Related Articles

Back to top button