Ask HN: How'd you manage the password managers' master password?

17 points

2 years ago

In general, I like to be helped by password managers to do the heavy lifting, but how to make out the best of the master password?

xkcd/936 is OK-ish for educated geeks, but in practice for a large amount of no-tech users, they only have a few candidates of fruits, sports, animals, or city names to pick from, let alone not to mass it up in memory at some point.

For now, the best option seems to store a complex master password in your phone's keychain and protect it with biometric authentication, but it's important to keep your phone safe. If someone steals your iPhone and the passcode, they could wipe out your iCloud account within just a few clicks.

Now shameless plug, I've just posted "accdoo cipher" on Show HN two days ago [1], and if you have one second to spare, here is my pa33w0rd for demonstration [2].

Any other ideas?

btw: I feel relieved that password managers (Bitwarden and 1Password for example) only require a minimum length for your master password. There are no complicated rules to follow, which is great. I hope other companies follow their approach.

[1]: https://news.ycombinator.com/item?id=39115559

[2]: https://accdoo.app/#0118-999-881-999-119-7253#256

26 comments