Hello group,
I have been an avid RndPhrase user for the last few years. However, recently I have come to hold the opinion that password managers are better than RndPhrase, at least as I am using it.
First off, I do not think the original threat model of RndPhrase is adequate anymore. It started out as a way to protect against websites being compromised/evil and leaking your password from the server side (either by hooking the validation mechanism or cracking hashes). However, I do not think that this is a sufficient threat model.
We have long talked about JavaScript leaking your password. We have a fix for Firefox, but none for Chromium AFAIK.
However, this is not just a theoretical attack that might happen if RndPhrase ever became popular -- it is happening right now, though not in the form we expected.
- When you log into https://www.patreon.com with RndPhrase, it sends your master password instead of your generated one.
- When you try to change your password on GitHub, it sends the password to the server as you write it, to check the password strength.
In a post-Snowden world, this is bad. Quantum insert is also a big deal in this context.
While this is the main reason I am quitting RndPhrase, there is another security issue that will probably prevent me from coming back. If we assume that my master password is ever compromised (through either human stupidity, an attacker or a combination), then the loss is much greater than expected.
The initial assumption was that once we take the time to change our password on every site, then everything would be okay again. However, that is not true, as we now know that passwords are wonderful pieces of meta-data to tie all accounts together. We might also imagine that an attacker would be able to gain persistence faster than we can change our passwords.
Finally, I am not a fan of the inflexibility of the original design and the number of hoops we have been forced to go through to satisfy password letter/length restrictions. There is also the problem of multiple places sharing a password database (multi-domain sites or eduroam).
While I am a huge fan of RndPhrase and the work you have done, I no longer believe that the advantages (ease of use, fewer keystrokes, http://rndphra.se) outweigh the disadvantages.
Best of luck to you,
Idolf