Password managers are not without security flaws, as seen in a recent high-profile breach. The database storing all the user's passwords is a very attractive target for hackers. Spectre is a new password manager that aims to solve this problem by using a unique password generation and management approach.
It sounds like a cool concept, but I can’t see anyone migrating to this service since there is no logical way to import your current passwords.
I don’t think passwords have to be changed very often.
When you use a password manager and 30 character random generated passwords (or why not 64 characters or even more if the site allows it) separately for each site. If there isn’t a breach: why should I change the password?
That’s a singular used very complex password which only my password managers knows changed against another singular used very complex password which only my password manager knows.
If it is long enough, even brute force shouldn’t be a problem if someone is trying every single combination possible for 30 or more characters (where he doesn’t know how much characters he has to find). 🤷♂️
Often is probably a bad way to phrase it, but there is a reason TLS certificates are changed regularly. Generally this isn’t a big concern if you are the sole user and a set of known devices are used. Once you start handing passwords to others to use (such as is common in corporate environments) the problems being to show. Resetting the password is just a sure fire way to revoke access to anyone that may of had access that shouldn’t, for whatever reason.
You are correct though, that as long as the password isn’t being used on public terminals or in areas it might be compromised, it’s generally secure.
I don’t think passwords have to be changed very often. When you use a password manager and 30 character random generated passwords (or why not 64 characters or even more if the site allows it) separately for each site. If there isn’t a breach: why should I change the password?
That’s a singular used very complex password which only my password managers knows changed against another singular used very complex password which only my password manager knows.
If it is long enough, even brute force shouldn’t be a problem if someone is trying every single combination possible for 30 or more characters (where he doesn’t know how much characters he has to find). 🤷♂️
Often is probably a bad way to phrase it, but there is a reason TLS certificates are changed regularly. Generally this isn’t a big concern if you are the sole user and a set of known devices are used. Once you start handing passwords to others to use (such as is common in corporate environments) the problems being to show. Resetting the password is just a sure fire way to revoke access to anyone that may of had access that shouldn’t, for whatever reason.
You are correct though, that as long as the password isn’t being used on public terminals or in areas it might be compromised, it’s generally secure.