Master Password: Off-Line Password Generator & Vault For Desktop & Mobile
In light of recent security leak scandals, people are beefing up security on their personal accounts to paranoid levels. Security is always at a premium, and there are numerous solutions available to serve that end: solutions that secure images, individual folders, apps (Android and iOS) and even bookmarks. The irony of security is that security providers seem to want more of your personal information to improve security. To really secure certain online services, you can add anything from fingerprint verification to phone confirmation, which implies that in case of a security breach, not only is your web service compromised, so are your fingerprint ID and your personal phone number. However, Master Password for Mac, Java desktop, iOS and Android (beta) makes it easy for you to remain secure without the hassle of memorizing any complicated strings. Here’s how.
Before we delve right into the app, let me impress upon you the importance of complex password strings. It has become a regular occurrence that online services require an 8 character password comprising numbers, symbols and uppercase letters. This makes the password harder to guess, so that bots (apps that guess passwords) take too long to decipher it. It is recommended that you avoid using the same password for multiple services. So, if I pick a phrase like 7&62-0~!vbB for Twitter, it will be secure. However, not only will I have to memorize it, I will have to concoct another one of these nuclear launch codes for other sites to stay safe. Nobody can remember that complex a password easily, so people will either write it down or save it on a password sync service, and both scenarios open you up to other security risks. There is an additional mathematical restriction: if a computer is attempting to guess your password, the phrase 7&62-0~!vbB can be guessed in about 3 days at 1000 guesses/sec. However, if you use a simple to understand phrase like “HorsesEatTonsOfHayAllDay”, your complexity increases. At 1000 guesses/sec, it would take approximately 550 years to guess that particular phrase (add spaces if you want to make it even harder). In other words, these neuroscience exams they call passwords are hard to remember but not too hard to crack.
Now, you can either make longer strings that are difficult to guess, or you can let an offline tool (no web connection) manage it for you. Enter Master Password. The app will generate and memorize passwords for you without relying on a web service that would put your passwords at risk; they all remain local, hence secure. The only thing keeping such suites insecure is that you have to rely on a third-party service to transact the password; that is not the case with Master Password. You will have to enter your password yourself, and if you want to change it, you will need to stick to the regular method you have always used. What the app does is let you generate a password that you can copy and log in with. More on that in just a quick second.
I first signed up using a Mac; it asked me for my name and a master password. This was all stored locally on my hard drive. So far I was not at any greater security risk. It then asked me the website for which to generate a password. I told it www.twitter.com and it generated an impossible to remember password for me. Now, it will let me copy the password anytime I want. I just have to log back in to Master Password, copy the updated phrase and log right in.
You can do this for however many web services you want. The app uses an algorithm to generate the passwords, an algorithm that can generate the same key over multiple platforms. So the same phrase generates on your iOS device, allowing you to sign in at any time from either platform without relying on any web service. If you need to change passwords, you can generate more from the app. If you are constrained by official guidelines to keep a specific password, the Master Password app can accommodate that as a custom password that it encrypts using your master passphrase. Side note, the typography on the iOS app is to die for.
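The cross-platform behaviour described above follows from deriving each password from the same inputs instead of storing it. The sketch below is an added illustration, not code from the article or from the Master Password project, and it does not reproduce the app's actual algorithm: the `PURPOSE` label, the alphabet, the scrypt parameters and the sample name are assumptions chosen for the example.

```python
import hashlib
import hmac

# Assumed for this illustration only; not Master Password's real parameters.
ALPHABET = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!@#$%^&*"
PURPOSE = b"example.stateless-password.v1"  # hypothetical domain-separation label


def _field(text: str) -> bytes:
    """Length-prefix a field so ("ab", "c") and ("a", "bc") cannot collide."""
    raw = text.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def master_key(name: str, master_password: str) -> bytes:
    """Slow, memory-hard stretch of the one secret the user memorizes."""
    return hashlib.scrypt(
        master_password.encode("utf-8"),
        salt=PURPOSE + _field(name),
        n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32,
    )


def site_password(key: bytes, site: str, counter: int = 1, length: int = 16) -> str:
    """Derive one site's password; raise the counter to rotate it."""
    limit = 256 - 256 % len(ALPHABET)  # reject bytes that would bias the choice
    out, block = [], 0
    while len(out) < length:
        msg = (PURPOSE + _field(site)
               + counter.to_bytes(4, "big") + block.to_bytes(4, "big"))
        for byte in hmac.new(key, msg, hashlib.sha256).digest():
            if byte < limit and len(out) < length:
                out.append(ALPHABET[byte % len(ALPHABET)])
        block += 1
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample inputs; nothing is read from or written to disk.
    key = master_key("Jane Example", "HorsesEatTonsOfHayAllDay")
    print(site_password(key, "www.twitter.com"))
    print(site_password(key, "www.twitter.com", counter=2))  # rotated password
```

Because nothing is stored, every site password is only as strong as the master password and the cost of the stretching step, and this sketch does not guarantee that each output contains every character class a site may demand.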
Some hesitation is understandable: when it comes to web security, there can never be a “perfect solution”. We only have some very good ideas that work for a while until someone finds a few workarounds and we are all back to square one. Now, ideally, if we are staying offline and generating a difficult to crack password – as Master Password does – that should be about as secure as anyone hopes to get. However, all of this is secured in Master Password using only one passphrase, so anyone attempting to get in does not have to crack multiple passwords; they just have to crack that one and they’ll have access to everything. Given the lack of web sync, you will have to do a lot of things manually, and if you use a phrase like the hay-eating horse example above, you might not need the app at all.
However, if you require complicated passwords to secure your connections and can conceal the presence of the Master Password app from any onlooker, you have yourself a viable security solution on hand. Also, unrelated but important to note: if you have sensitive data that you would rather not share with the public, it is always advisable to keep that data off-line. There is no way of ensuring permanent security through web services.
But to secure the MasterPassword app master password, you should always use Incognito mode and a long login name like the hay-eating horse example above. The great thing about Incognito mode is that it has no information about previously made users.
Sidenote: while great at generating strong unique passwords for sites, the primary distinctive attribute of Master Password (setting it apart from other generators such as 1Password etc.) is that it makes you immune to password loss. If you wake up tomorrow morning in an inferno and an hour later are standing on the street in your PJs watching your belongings burn to a crisp, you can buy a new iPhone that same day and it will generate your site passwords exactly as they were without needing any form of backup, sync, etc.