• Mr_Dr_Oink@lemmy.world
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    1 year ago

    So all my passwords are locked behind a single password? Isnt this essentially the same as using the same password for every site. In that they only need to cracl o e password to have access to everything?

    • Honytawk@lemmy.zip
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      Just don’t use your master password anywhere else than your password manager.

      If your password manager only works offline, then it is impossible to leak on the internet.

    • Pfnic@feddit.ch
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      In theory, yes but if you use a good password manager and have a strong master password the encryption should be practically impossible to break. The fact that you only have to remember one password means that this password can and should be a very strong one. 20+ characters with upper and lowercase letters, numbers and symbols should take centuries to crack.

    • qqq@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      This is not necessarily true.

      For example, consider the case of a 1Password vault falling into the hands of an attacker. They do not have the option to just crack your password, as the password is mixed with a randomly generated value to ultimately derive the key. They would need to simultaneously brute force your password and that random value. This should almost be impossible. However, given access to a client that already has knowledge of the secret value, it would fall back to brute forcing the password.