Show HN: Paasword – a password vault that never stores your passwords (github.com)

2 points by yoyo250 ↗ HN
Warning: pre-release, unaudited, not for production use. (Though my password was generated with it)

Instead of saving secrets, it derives them on demand using domain + username + a short passphrase + a physical OpenPGP key (smartcard/YubiKey).

Passwords are reproducible but never persisted.

Currently tested only with RSA4096 on Windows + GnuPG 2.4.x.

1 comment

[ 3.6 ms ] story [ 6.8 ms ] thread
> a physical OpenPGP key (smartcard/YubiKey)

I don't know how you get a reproducible value from this, but in the use described it isn't actually contributing a second factor.