Did I get it right: you take one master password, and use that as seed to generate pseudo-random passwords for all the other sites? The idea is brilliant and deceptively simple, however, have you done formal security analysis on this approach? It seems insecure to me. Consider this: if somebody were able to steal your master password, they'd be able to generate the passwords and gain access to all your other LessPass-managed sites.
@kixpanganiban you're right, we need some security audit https://github.com/lesspass/less.... And if somebody finds your master password, yes, you're probably not good. We are making an app to encourage people to "regularly" change their master password and increase security of the tools. There is more on GitHub if you're interested. Thank you
@guillaume20100 Ah, but then it would be self-defeating, no? Since if you change your master password, you'd be forced to change your password for all registered sites as well since they would have to be generated from a new seed. I guess that's the tradeoff -- convenience for security. This flaw notwithstanding, I still love how simple LessPass is and kudos to you guys for all your work.
This is very nice - looking forward to the android app.
Wow, great job with the clean and simple approach, looking forward to using this.
So it's like MasterPassword merged with LastPass that can be self-hosted and is a bit simpler?
@bgiesing39 Yes, except that you cannot save a password in our database. So you cannot save your credit card number, for example. And more important, LessPass is open source. LastPass is not.
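
The trade-off raised earlier in this thread (one master password seeding every site password, so changing the master changes them all), shown as an added Python example that is not LessPass's code or algorithm. It assumes a generic PBKDF2-HMAC-SHA256 derivation; the salt format, character set, `counter` parameter and account list are constructed for illustration.

```python
import hashlib
import string

# Assumed output alphabet for this sketch (not taken from LessPass).
CHARSET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"

def derive_password(master, site, login, counter=1, length=16, iterations=100_000):
    """Deterministically derive a site password; nothing is stored anywhere."""
    # The salt binds the output to one (site, login, counter) tuple.
    # NUL separators keep "ab"+"c" distinct from "a"+"bc" (constructed format).
    salt = "\x00".join([site, login, str(counter)]).encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations, dklen=32)
    # Treat the 256-bit output as one integer and peel characters off with
    # divmod, so the modulo bias per character stays negligible.
    n = int.from_bytes(raw, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(CHARSET))
        chars.append(CHARSET[idx])
    return "".join(chars)

def rotation_impact(old_master, new_master, accounts):
    """Return the accounts whose derived password changes with the master."""
    return [(site, login) for site, login in accounts
            if derive_password(old_master, site, login)
            != derive_password(new_master, site, login)]

# Constructed sample accounts.
ACCOUNTS = [
    ("example.com", "alice"),
    ("mail.example.org", "alice"),
    ("shop.example.net", "alice@example.com"),
]

if __name__ == "__main__":
    old, new = "correct horse battery", "staple tangerine orbit"
    # Same inputs always give the same password: that is the whole design.
    print(derive_password(old, "example.com", "alice"))
    # A new master changes every site password at once.
    print("must re-set after master change:", rotation_impact(old, new, ACCOUNTS))
    # Bumping the (hypothetical) counter rotates a single site instead.
    print(derive_password(old, "example.com", "alice", counter=2))
```

Anyone holding the master password can run the same derivation, so the master's strength and the iteration count are the only barriers between a leaked site password and an offline guess at the master.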