Master Password App

Strong passwords can be hard to remember, especially when you have a lot of different ones. But the best security practices say you should do exactly that! Master password makes that easy: all you need to do is remember your name and one master password, and Master Password will take care of the rest. On this page, I'll tell you a little more about Master Password and then walk you through creating a strong and memorable master password to use with the app.

Master Password is different from other password managers

Most password managers store passwords that you come up with, or randomly generated ones, so you don't have to remember them. Master password doesn't store anything; it generates your passwords with an algorithm (called a hashing function). That means you can download Master Password on any device, and as long as you enter the correct master password, it'll give you the same passwords -- without sending your passwords to anybody else's computer ("the cloud"). It also means if your computer crashes, you don't lose any of your saved passwords. It also means that you'll never be stuck away from your computer without knowing a password to one of your sites; just find the nearest phone or computer, download the app, enter your master password, and you're good to go.

How do I use Master Password?

On any machine,

1. Download the app
2. Enter your name and master password
3. Enter the name of the site you want your password for.
   • The format of the site name matters! twitter.com and www.twitter.com will yield different passwords.
   • In the unusual situation where you have multiple accounts on the same site, add something to the end to generate unique passwords. For example, smichel.me\me and smichel.me\admin for users me and admin respectively.
4. Your password apears. Copy it to where you need it.

That easy?! What's the catch?

All your passwords are tied directly to your master, and there's no way to change or recover a master. So...

1. If you forget your master password, you lose all your passwords.
   • Solution: Remember your password.
     • Memorize it. There's really no way around this.
     • Remember, you don't need to remember any of your other passwords, so there's less to memorize overall.
2. If someone gets access to your master password, they get access to all your passwords. This is both bad and a pain to change all your passwords.
   • Solution: Use a really strong master password.
   • Solution: Never share your master password. With Anyone. Under Any Circumstances. EVER.
     • Don't write it down.
     • Don't tell it to anybody.
     • Don't type it anywhere except the app.

How secure is Master Password?

In theory, masterpasswordapp isn't quite as secure as a solution with truly random passwords locked in a vault by both a password and physical key. But that kind of a solution is a pain to use, and security that you don't use is no security at all. Masterpasswordapp makes your life easier, which means you'll use it, which means it's the most secure solution of all.

Create a strong and memorable master password with Diceware

You'll create a correct-horse-style password (passphrase) using a method called Diceware. It should be 6 or 7 words long. How strong is that? Assuming the person trying to hack you KNOWS you're using Diceware...

• Five words are breakable by criminal gangs, good hackers, and rich people.
• Six words are breakable by the NSA.
• Seven words and longer are unbreakable with any known technology. We think the NSA will be able to break them ~2030
• Eight words should be completely secure through 2050.

(source)

How to use Diceware

Open this link. There's the list of words you will use. There are word lists for other languages too, if you'd prefer one of those.

• Roll a die 5 times.
  • Yes, a physical die. That's why it's called Diceware.
  • Don't use a random number generator online or anything like it. It's difficult to maintain good security if you get your passwords from the internet; go with the easy and safe solution.
• Each roll is a digit. You get a number that corresponds to a word in the list.
  • Ex: 1-2-3-4-5 -> 12345 -> "april"
• Repeat the above for each word.
  • Keep the words in the order you generate them in. Changing the order will likely weaken your password.

Example:

die rolls: 44362 25645 65164 56411 55555 14233

master passphrase is: "outdo fluff zoe tear sum bit"