Vaults, self-hosting, all these needless complications imo for what should be simple. Just give me a secure deterministic password from a website address + master pass combo. That's exactly what my project,…
Why is every and any TOR and sometimes VPN user deemed a DoS attack... it discriminates against users who value privacy by forcing hCaptcha on them by default. Worst of all... it could be a de-anonymization attack as…
It's a definite improvement, and good point indeed regarding phishing... just as your answer precludes, a whole different authentication mechanism is needed to avoid phishing, that is why unfortunately that couldn't…
As someone whose main project surrounds passwords, I could appreciate a future without passwords, because I consider most existing solutions to be quite poor. However, this feels more like having your sheep be herded by…
This reads like an April Fools joke, and I'll give the author the benefit of the doubt on that one as the author's company literally works in the cryptocurrency space, except they apparently refer to themselves as a…
Run noJS by default with something like uMatrix/uBlock Origin, and never worry about this or similar problems again. All parts of a page for me, even 1st party, have JS disabled... you'd be surprised, most useful ones…
Sigh, I remember a similar experience. It was a third-party rep they pushed us to, but we would be asking for ways to re-architect one thing we already had setup on AWS, and all they would do is just try and upsell us…
Try srspass.com which runs argon2id in the browser. Takes about 3 seconds on my ARM phones for the unlock, which uses quite heavy argon2id parameters, above the recommended memory and iterations. I don't think a 3s wait…
I completely agree on server-side derivation being flawed, which is why I made SrsPass, which derives child passwords for you client side, you can use across accounts, and ensures even if you end up making a password on…
LastPass has essentially put a gun to the head of its free users. It has probably gained much traction, by offering a free service. Yet now, as it isn't actually FOSS, they are able to make a change to its model you can…
Speaking of competitors and alternatives to this. I've used a version of my own for years, and have recently started working on a FOSS password generator and manager, called SrsPass. Would love feedback on it, and it…
Vaults, self-hosting, all these needless complications imo for what should be simple. Just give me a secure deterministic password from a website address + master pass combo. That's exactly what my project,…
Why is every and any TOR and sometimes VPN user deemed a DoS attack... it discriminates against users who value privacy by forcing hCaptcha on them by default. Worst of all... it could be a de-anonymization attack as…
It's a definite improvement, and good point indeed regarding phishing... just as your answer precludes, a whole different authentication mechanism is needed to avoid phishing, that is why unfortunately that couldn't…
As someone whose main project surrounds passwords, I could appreciate a future without passwords, because I consider most existing solutions to be quite poor. However, this feels more like having your sheep be herded by…
This reads like an April Fools joke, and I'll give the author the benefit of the doubt on that one as the author's company literally works in the cryptocurrency space, except they apparently refer to themselves as a…
Run noJS by default with something like uMatrix/uBlock Origin, and never worry about this or similar problems again. All parts of a page for me, even 1st party, have JS disabled... you'd be surprised, most useful ones…
Sigh, I remember a similar experience. It was a third-party rep they pushed us to, but we would be asking for ways to re-architect one thing we already had setup on AWS, and all they would do is just try and upsell us…
Try srspass.com which runs argon2id in the browser. Takes about 3 seconds on my ARM phones for the unlock, which uses quite heavy argon2id parameters, above the recommended memory and iterations. I don't think a 3s wait…
I completely agree on server-side derivation being flawed, which is why I made SrsPass, which derives child passwords for you client side, you can use across accounts, and ensures even if you end up making a password on…
LastPass has essentially put a gun to the head of its free users. It has probably gained much traction, by offering a free service. Yet now, as it isn't actually FOSS, they are able to make a change to its model you can…
Speaking of competitors and alternatives to this. I've used a version of my own for years, and have recently started working on a FOSS password generator and manager, called SrsPass. Would love feedback on it, and it…