Master Password is a revolution in password management.
</p>
<p>
It aims to secure your online (and offline!) life by <em>changing the way you deal with passwords</em>.
</p>
<hr/>
<h1>Revolution? Why would I need that?</h1>
<p>
You already know the problem:<br/>
Passwords are confidential information between you and a site. They should never be shared with anyone else, definitely not other sites. Yet that's exactly what happens with most of us: Hundereds of online accounts to manage and authenticate, <strong>we can't help but reuse one, two or five passwords that we can remember</strong>. Maybe we keep a paper stuck to our monitor with a list of passwords on them, because we realize the truth:
</p>
<blockquote>It is impossible to remember a secure password for each of our accounts and still keep those passwords both <em>exclusive</em> and <em>confidential</em>.</blockquote>
<p>
Multiple solutions exist:<br/>
Sites that realize that passwords aren't the end-all of authentication usually implement some sort of alternative authentication mechanism: <em>OpenID, SAML, some form of mobile authentication, secure tokens, etc</em>.<br/>
The problem here is that these solutions only work for the select few sites that have chosen to implement them; and then you, the user, are stuck with whatever mechanism the site has chosen for you.
</p>
<p>
To solve the problem for other sites, there are <em>programs that remember our passwords for us</em>.<br/>
The problem with these is that they do not actually help us with setting exclusive and confidential passwords for our accounts. They just offload the work of remembering passwords, and at a great expense: <strong>If you lose your data, you lose your online identity and are locked out of everything</strong>.
</p>
<hr/>
<h1>So, I guess you claim to do better?</h1>
<p>
Master Password aims to turn the tables in favor of the user, you.<br/>
In the end, <em>what we really want</em> is a way of dealing with passwords in an exclusive and confidential way <em>without having to remember</em> them, and <em>without running the risk of losing our online identity</em> to fraudsters.
</p>
<p>
Master Password does exactly this. You remember a single master password. Make it a long and secure one. Master Password uses this password along with the name of the site that you want to log into and generates a secure but unique password for that site. What's more, it doesn't store this information anywhere. If you lose your phone, the thieves can get none the wiser from it. You kick yourself for losing your phone, pick up any other phone, start the application, enter your master password, and instantly have access to all your passwords again. No sync, no backups, no hassle.
</p>
<ul>
<li>Built with the highest security considerations in mind.</li>
<li>Designed with beauty, elegance, simplicity and usability in mind.</li>
<li>Different types of passwords can be generated to curb sites with strange password policies.</li>
<li>A password counter lets you generate a new password for a site in case it gets compromised.</li>
<li>Master password can be either:
<ul>
<li>Stored securely on the device (so you don't need to enter it anymore).</li>
<li>Not stored but remembered between sessions (so you only enter it once after powering on).</li>
<li>Not stored or remembered and required for every usage of the application (safest).</li>
</ul>
</li>
<li>For those cases where you cannot change your account's password, the application will encrypt passwords with your master password and store them securely (as explained, stored passwords can get lost).</li>
<li>Integrates with iCloud to synchronize and back up your site history and stored passwords.</li>
<li>For those that care to know, the password generation algorithm is open and fully documented, so you aren't tied down to this application.</li>
</ul>
<pclass="center">
<imgsrc="img/ComparisonOfPasswordSolutions.png"/>
</p>
<hr/>
<h1>OK, I'm convinced. Where do I get it?</h1>
<p>
Master Password is available from Apple's App Store for iOS and Mac. The Mac application currently requires the iOS application and iCloud to be enabled and set up on both the iPhone and the Mac.
</p>
<p>
The application is fully open source under the GPLv3, which means you can inspect the code and build the application for yourself, if you prefer. You can find the Master Password source code on <ahref="http://github.com/Lyndir/MasterPassword">GitHub</a>.
</p>
<hr/>
<aclass="next"href="algorithm.html">So how does it work? Can I trust it?</a>
