The best Password Manager that doesn't work

I started to look for a password manager because trying to remember all the unique passwords for all web services is doing my head in. At the moment I keep my passwords in a small notebook but I don’t always carry it with me and there is a risk that it may end up in the wrong hands or get damaged.

So I found this Masterpassword program that doesn’t actually store passwords. It generates them on demand by using a combination of your name, your master password and the website you want to log in to.

That sounds pretty cool since you have to remember only your name and the master key/pass. Plus there is no database to be broken into.

However, when I downloaded the program for Windows and launched it, I tried to create a new user, but when I press OK, nothing happens. It doesn’t create anything. Also, you need the Java framework for it to install.

Then I tried the web version which is either not ready or behaves very awkwardly. I created a new user with my Master key or pass. And then I can type the name of website I want a password for. As soon as you start typing the algorithm starts spewing out random passwords.

The problem is that it doesn’t store the URLs that you use the passwords for. It doesn’t store your master key or your username. So if you type in your Master password incorrectly, it won’t give you any error. Instead it will generate new password combinations for a new user even if the user names and URLs are identical.

If you make just one accidental character change in your Username and/or Master password and/or URLs the passwords generated by the algorithm will be different and you may never be able to get inside your other accounts. See over here I added www. in front of amazon and the password has changed completely.

To make things more complicated, you have to remember the combination you used for each URL: number 1 or 2 or 9 or 94, and whether it’s PIN, Short, Basic, Medium, Long, Maximum, Phrase or Name.
If you get any of these factors wrong by just 1 character, you’re fucked big time.

TLDR: There is no way to tell whether your passwords are actually yours or not because the website doesn’t save any of your settings. You have to perfectly recreate the settings each time you use it.

Does anyone have recommendations or alternatives?

https://www.passwordstore.org/

Bam! Get some!

Bitwarden is a decent password manager. You can use their servers or run your own; it's open source and has browser plugins, OS applications, and command line programs.

2 Likes

I saw you recommending KeePass in other threads, what happened to that?

Works for me on linux, win7 and android. Been using it for a while now.

The desktop app generates icons based on user name and master password so you know if it’s correct. Also it warns you by default (if you save your profile).

Syncing is pretty easy, just sync .mpw folder across devices.
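As an added example (not part of any post in this thread, and not Master Password's actual algorithm): a simplified sketch of how a stateless generator derives passwords, and how a saved profile with a key fingerprint, per-site counter and site-name normalization handles the typo and "www." problems raised in the first post. All function names, the scrypt parameters and the sample values are assumptions.

```python
import hashlib
import hmac
import string

ALPHABET = string.ascii_letters + string.digits + "-_"  # 64 symbols, so no modulo bias

def master_key(name, master_password):
    # Stretch the master password, salted with the user name (parameters are assumptions).
    return hashlib.scrypt(master_password.encode(), salt=name.encode(),
                          n=2**14, r=8, p=1, maxmem=64 * 2**20, dklen=32)

def fingerprint(key):
    # Short check value saved in the profile; a typo in the master password changes it.
    return hmac.new(key, b"fingerprint", hashlib.sha256).hexdigest()[:8]

def normalize_site(site):
    # Hypothetical helper: fold case, drop scheme, path and a leading "www.".
    host = site.strip().lower().split("://")[-1].split("/")[0]
    return host[4:] if host.startswith("www.") else host

def site_password(key, site, counter=1, length=16):
    # Pure function of (key, site, counter): any changed character changes every output.
    if not 1 <= length <= 32:
        raise ValueError("length must be 1..32")
    msg = f"{len(site)}:{site}:{counter}".encode()
    seed = hmac.new(key, msg, hashlib.sha256).digest()
    return "".join(ALPHABET[b % 64] for b in seed[:length])

def make_profile(name, master_password):
    return {"name": name, "sites": {},
            "fingerprint": fingerprint(master_key(name, master_password))}

def password_for(profile, master_password, site):
    key = master_key(profile["name"], master_password)
    if not hmac.compare_digest(fingerprint(key), profile["fingerprint"]):
        raise ValueError("master password does not match the saved profile")
    site = normalize_site(site)
    # Remember the per-site settings so they never have to be recalled by hand.
    settings = profile["sites"].setdefault(site, {"counter": 1, "length": 16})
    return site_password(key, site, settings["counter"], settings["length"])

if __name__ == "__main__":
    profile = make_profile("Jane Doe", "constructed-master-pass")  # constructed sample values
    print(password_for(profile, "constructed-master-pass", "www.amazon.com"))
    print(password_for(profile, "constructed-master-pass", "amazon.com"))  # same password
    profile["sites"]["amazon.com"]["counter"] = 2  # site forced a password change
    print(password_for(profile, "constructed-master-pass", "amazon.com"))  # new password
```

The saved fingerprint lets anyone who copies the profile test master-password guesses offline, which is why it is truncated to 32 bits and sits behind the scrypt step.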

It's also good. Bitwarden has a bit more consistency in available applications. KeePass relies on a mishmash. KeePass has a lot of plugins though, if you need those, and is good for an offline solution. You also need to consider how you want to sync the database if you want an “online” solution.

Edit: I find KeePass a bit of a mess to manage :confused: I can't be bothered with that, so I've been using Bitwarden.

1 Like

It did create a folder called .mpw.d but there is nothing inside it. I have Win 7 64bit but every time I try to create a new user there is no response from the program.

Hmm. I didn’t need to create anything manually. Maybe they broke it in a new update?

Sorry to hear that. I’ve been thinking of coding my own pass manager actually, since this one has slow start up. Damn Java :stuck_out_tongue:

It’s an evil, bloated Electron app, but I’ve been very happy with Keeweb Desktop.

It uses Keepass format files, so you can use them with several different clients for portability and continuity purposes.

It also lets you add files and new fields. In addition to storing passwords, I store two factor recovery seeds, keyfiles, serial numbers for big ticket items I own, and pictures of my credit cards in case they’re ever needed.

I have created a python wrapper for Masterpassword precisely because of the issues you’ve stated. If people are interested I could clean it up a bit and make it ready for general usage.

The website is useful if you are on a system without Masterpassword. I wouldn’t recommend it for general usage though. The Java app is supposed to remember your logins but I haven’t tried it.


Bitwarden is great if you don’t have a lot of keys. It gets awkward quick because it doesn’t handle categories well IMO. Keepass is good and cross platform, but also very dated at this point.

I use Pass which was already mentioned but I’ve heard good things about enpass…and it works on everything but BSD.

https://www.enpass.io/

I am very interested.

Those “password managers” that take your passphrase and use it to encode a website URL are a bad idea for a number of reasons. If you want to change your passphrase, which many sites make you do from time to time, you need to remember to increment the counter. Also if someone steals your passphrase you’re pretty much boned, while with something like lastpass they would also need to steal your 2FA.

Bitwarden is a great product but it has not yet passed a code audit. They’re working on it, though.

Ok. I’ll message you tomorrow

I have been working on a password generator that I plan on making a password manager for. If you just want the generator you can check it out here.
mhzsys.net/applications/js-password-generator/

1 Like

That looks like it’s only for nix systems and only terminal based. I need something cross-platform.

Looks like Cure53 will be doing it later this year.

The KeeWeb webapp is super convenient. https://app.keeweb.info/

For desktop I still prefer KeePassXC as it’s faster, and I like the layout/features a bit better.

Both work well.

Yes, that’s what I linked to!

1 Like

KeePassXC has an Android companion app called KeePassDX.

It’s 100% compatible and allows file interchange with the desktop version.
I use KeePassXC and KeePassDX in conjunction with Syncthing to keep passwords synced between my desktop, laptop and phone.

Works flawless for over a year now.