It sounds like a cool concept, but I can’t see anyone migrating to this service since there is no logical way to import your current passwords.

Am I missing something?

  • Esca@lemmy.one
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    1 year ago

    So basically a fancy hashing algorithm to get the same password for the same information you give it. Neat idea but I am not convinced yet.

    If your Spectre secret gets somehow leaked (and your full name could easily be found), that’s immediately all your current and future passwords leaked. Now, this would in theory also be a problem with regular password managers that live in the cloud. Though smart ones hopefully add 2FA or similar before they let their users log in. For offline password managers the hacker would need your secret + database to get your password. That’s a lot harder. Spectre takes one of those items away, because the ‘database’ is their algorithm which literally runs on their webpage. All they need is a single password.

    What if a site you use leaks your password and you have to change your password for that site only? Spectre won’t help you with that, as it will still give you the (burned) password. So you manually have to remember which sites use Spectre for passwords and which ones don’t.

    Have any services that have been provided to you with a set password you can’t change (eg: some service your job uses), Spectre won’t help you with this as it won’t hold any custom passwords. Have any weird services that requires a specific length and/or forbidden characters Spectre does? Good luck, Spectre can’t help you here either. It’s not a password manager.

    • imaginary@feddit.deOP
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      and your full name could easily be found

      I think they are only talking about your username, not your actual name.

      What if a site you use leaks your password and you have to change your password for that site only? Spectre won’t help you with that, as it will still give you the (burned) password.

      That is something I immediately thought about, there is no way to change a single password. All or nothing.

      Good luck with hundreds of passwords that would need changing.