skylab/MasterPassword
2
0
Fork 0
Code Releases Activity

Update of the site to simplify understanding Master Password and how to use it.

Browse Source
This commit is contained in:
Maarten Billemont 2014-10-05 01:22:28 -04:00
parent 9b24efa65c
commit a18793b161
34 changed files with 299 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
MasterPassword/ObjC/iOS/MPAnswersViewController.m
View File

@ -92,7 +92,7 @@
if (!_multiple)
return 0;
return MAX( 2, [[self siteInContext:[MPiOSAppDelegate managedObjectContextForMainThreadIfReady]].questions count] );
return [[self siteInContext:[MPiOSAppDelegate managedObjectContextForMainThreadIfReady]].questions count] + 1;
}
- (UITableViewCell *)tableView:(UITableView *)tableView cellForRowAtIndexPath:(NSIndexPath *)indexPath {

BIN
MasterPassword/Resources/Media/ios/icon.sketch/Data
View File

Binary file not shown.

22
MasterPassword/Resources/Media/ios/icon.sketch/metadata
View File

@ -1,22 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>app</key>
<string>com.bohemiancoding.sketch3</string>
<key>build</key>
<integer>8053</integer>
<key>commit</key>
<string>104f8b8798002207eebbbee810c02306c5ce85c9</string>
<key>fonts</key>
<array>
<string>SourceCodePro-Light</string>
<string>LucidaGrande</string>
<string>HelveticaNeue-Medium</string>
</array>
<key>length</key>
<integer>918726</integer>
<key>version</key>
<integer>37</integer>
</dict>
</plist>

1
MasterPassword/Resources/Media/ios/icon.sketch/version
View File

@ -1 +0,0 @@
37

54
Site/2013-05/algorithm.html
View File

@ -14,7 +14,7 @@
<link rel="shortcut icon" href="img/favicon.png" type="image/x-png" />
<link rel="stylesheet" href="css/bootstrap.min.css">
<link rel="stylesheet" href="css/bootstrap-responsive.min.css">
<link rel="stylesheet" href="css/main.css?1">
<link rel="stylesheet" href="css/main.css?7">
<script src="js/vendor/modernizr-2.6.2.min.js"></script>
<script src="js/vendor/prefixfree.min.js"></script>
@ -35,18 +35,16 @@
<a class="brand" href="./">●●●|</a>
<div class="nav-collapse collapse">
<ul class="nav">
<li><a href="./">App</a></li>
<li><a href="security.html">Security</a></li>
<li><a href="faq.html">FAQ</a></li>
<li class="active"><a href="algorithm.html">Algorithm</a></li>
<li><a href="support.html">Support</a></li>
<li><a href="http://github.com/Lyndir/MasterPassword/" onclick="_gaq.push(['_trackPageview', '/outbound/github']);">Source (GPL)</a></li>
<li><a href="what.html">What is it? How do I use it?</a></li>
<li><a href="security.html">Is it safe?</a></li>
<li class="active"><a href="algorithm.html">How does it work?</a></li>
</ul>
<ul class="nav pull-right">
<li><a href="irc://irc.freenode.net/#masterpassword" onclick="_gaq.push(['_trackPageview', '/outbound/irc']);">#masterpassword (freenode)</a></li>
<li><a href="irc://irc.freenode.net/#masterpassword" onclick="_gaq.push(['_trackPageview', '/outbound/irc']);">#masterpassword</a></li>
<li class="divider-vertical"></li>
<li><a href="MasterPassword_PressKit.zip" onclick="_gaq.push(['_trackPageview', '/outbound/presskit']);">⬇ Press Kit</a></li>
<li><a href="http://itunes.apple.com/app/id510296984" onclick="goog_report_conversion('index-fixed-header');_gaq.push(['_trackPageview', '/outbound/itunes']);" class="img"><img src="img/appstore.svg" /></a></li>
<li><a href="faq.html">FAQ</a></li>
<li><a href="support.html">Support</a></li>
<li><a href="http://github.com/Lyndir/MasterPassword/" onclick="_gaq.push(['_trackPageview', '/outbound/github']);">Source</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
@ -77,42 +75,6 @@
<p><b>Master Password is <em>an algorithm used to generate unique passwords</em></b> for websites, email accounts, or anything else <em>based only on easily reproducible input</em>.<br />
The goal is a process that avoids all the problems involved with other password solutions.</p>
<p>The Master Password algorithm is <i>open</i>: this page describes its inner workings in detail. We believe the following is an important lesson we should all learn: Regardless of how much encryption a solution claims, <a href="http://www.geekzone.co.nz/foobar/5823" onclick="_gaq.push(['_trackPageview', '/outbound/skype']);">if you don't know how it works, you <strong>cannot</strong> assume it is secure</a> (at least, not the kind of secure you care about).</p>
<h1>The Password Problem</h1>
<img class="pull-right" src="img/thumb-authenticate.png" />
<p>Passwords are used to authenticate you to someone else. That means, convince someone that you really are who you say you are. The theory is that when you two are the only ones that know a certain secret word, then the other party can be certain of your identity when you prove to them you know the secret word.</p>
<p>Authentication using passwords is pretty good in theory but <strong>fails when</strong> the password is either:
<ul>
<li>Easily guessed by an impersonator.</li>
<li>Known by others.</li>
</ul>
</p>
<p>So the only way to do passwords right is by inventing a secure (ie. hard to guess) and unique (ie. different for each site) password each time.</p>
<p>Unfortunately, secure passwords are hard to come up with and even harder to remember.</p>
<p>People generally give up and begin reusing passwords between sites. The password is now no longer secret. This can lead to your identity getting stolen when sites get hacked, you get conned by a hoax site, or you sign up with an untrustworthy website.</p>
<h1>Password Solutions</h1>
<p>To help with these problems, there are a bunch of apps available that remember your passwords for you. They accomplish this by saving your passwords in an encrypted vault or by sending them off to a cloud server.</p>
<p>These approaches are very helpful, but they come with a few very <em>important</em> <strong>downsides</strong>:
<ul>
<li>Vaults need to be backed-up to avoid the risk of complete identity loss.</li>
<li>Vaults need to be kept nearby and in-sync across the your devices or you won't always be able to access the password you need.</li>
<li>Sending passwords to the cloud means handing your keys to a company.</li>
<li>When your passwords are in the cloud they may not be available when you have no Internet access.</li>
</ul>
</p>
<h1>Solving Availability</h1>
<p>Losing all your passwords or other password availability issues are frustrating and sometimes even disastrous.</p>
<p>Master Password solves this problem by being a <em>stateless</em> solution. That means that no information needs to be saved in order for the program to be able to give you your password again in the future.</p>
<p>Since Master Password doesn't save your passwords and doesn't send them anywhere, it <strong>avoids the following risks</strong>:
<ul>
<li>Your passwords cannot be found in a file or even a backup.</li>
<li>Your passwords cannot be intercepted during sync.</li>
<li>You don't need to trust a third party with your secrets.</li>
<li>You can't lose your passwords.</li>
</ul>
</p>
</div>
<div class="thumb clearfix">

8
Site/2013-05/css/main.css
View File

@ -267,15 +267,19 @@ header .box .maximized {
height: 80%;
}
#app header .background {
background: url('../img/shot-laptop-leaning-iphone.png') center center;
background: url('../img/shot-laptop-leaning-iphone.jpg') center center;
background-size: cover;
}
#what header,
#security header,
#algorithm header,
#support header {
height: 40%;
background: #272727;
}
#what header .background,
#security header .background,
#algorithm header .background,
#support header .background {
width: 940px;
@ -284,6 +288,8 @@ header .box .maximized {
top: -10%;
margin-left: -470px;
}
#what header .container,
#security header .container,
#algorithm header .container,
#support header .container {
background: radial-gradient(center, ellipse cover, rgba(0,0,0,0.3) 50%,rgba(0,0,0,0.8) 100%);

18
Site/2013-05/faq.html
View File

@ -14,7 +14,7 @@
<link rel="shortcut icon" href="img/favicon.png" type="image/x-png" />
<link rel="stylesheet" href="css/bootstrap.min.css">
<link rel="stylesheet" href="css/bootstrap-responsive.min.css">
<link rel="stylesheet" href="css/main.css?1">
<link rel="stylesheet" href="css/main.css?7">
<script src="js/vendor/modernizr-2.6.2.min.js"></script>
<script src="js/vendor/prefixfree.min.js"></script>
@ -35,18 +35,16 @@
<a class="brand" href="./">●●●|</a>
<div class="nav-collapse collapse">
<ul class="nav">
<li><a href="./">App</a></li>
<li><a href="security.html">Security</a></li>
<li class="active"><a href="faq.html">FAQ</a></li>
<li><a href="algorithm.html">Algorithm</a></li>
<li><a href="support.html">Support</a></li>
<li><a href="http://github.com/Lyndir/MasterPassword/" onclick="_gaq.push(['_trackPageview', '/outbound/github']);">Source (GPL)</a></li>
<li><a href="what.html">What is it? How do I use it?</a></li>
<li><a href="security.html">Is it safe?</a></li>
<li><a href="algorithm.html">How does it work?</a></li>
</ul>
<ul class="nav pull-right">
<li><a href="irc://irc.freenode.net/#masterpassword" onclick="_gaq.push(['_trackPageview', '/outbound/irc']);">#masterpassword (freenode)</a></li>
<li><a href="irc://irc.freenode.net/#masterpassword" onclick="_gaq.push(['_trackPageview', '/outbound/irc']);">#masterpassword</a></li>
<li class="divider-vertical"></li>
<li><a href="MasterPassword_PressKit.zip" onclick="_gaq.push(['_trackPageview', '/outbound/presskit']);">⬇ Press Kit</a></li>
<li><a href="http://itunes.apple.com/app/id510296984" onclick="goog_report_conversion('index-fixed-header');_gaq.push(['_trackPageview', '/outbound/itunes']);" class="img"><img src="img/appstore.svg" /></a></li>
<li class="active"><a href="faq.html">FAQ</a></li>
<li><a href="support.html">Support</a></li>
<li><a href="http://github.com/Lyndir/MasterPassword/" onclick="_gaq.push(['_trackPageview', '/outbound/github']);">Source</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>

BIN
Site/2013-05/img/howto-mp-copy.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 14 KiB

BIN
Site/2013-05/img/howto-mp-copy@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 82 KiB

BIN
Site/2013-05/img/howto-mp-create-confirm.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

BIN
Site/2013-05/img/howto-mp-create-confirm@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 72 KiB

BIN
Site/2013-05/img/howto-mp-create.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 25 KiB

BIN
Site/2013-05/img/howto-mp-create@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 66 KiB

BIN
Site/2013-05/img/howto-mp-login.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 50 KiB

BIN
Site/2013-05/img/howto-mp-login@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 156 KiB

BIN
Site/2013-05/img/howto-mp-type-basic.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
Site/2013-05/img/howto-mp-type-basic@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 65 KiB

BIN
Site/2013-05/img/howto-mp-type-change.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 34 KiB

BIN
Site/2013-05/img/howto-mp-type-change@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 87 KiB

BIN
Site/2013-05/img/howto-twitter-done.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

BIN
Site/2013-05/img/howto-twitter-done@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 37 KiB

BIN
Site/2013-05/img/howto-twitter-paste.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 19 KiB

BIN
Site/2013-05/img/howto-twitter-paste@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 39 KiB

BIN
Site/2013-05/img/howto-twitter-signup.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

BIN
Site/2013-05/img/howto-twitter-signup@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 38 KiB

BIN
Site/2013-05/img/mac-icon-256.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 113 KiB

BIN
Site/2013-05/img/shot-laptop-leaning-iphone-800@2x.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 569 KiB

BIN
Site/2013-05/img/shot-laptop-leaning-iphone.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 317 KiB

20
Site/2013-05/index.html
View File

@ -14,7 +14,7 @@
<link rel="shortcut icon" href="img/favicon.png" type="image/x-png" />
<link rel="stylesheet" href="css/bootstrap.min.css">
<link rel="stylesheet" href="css/bootstrap-responsive.min.css">
<link rel="stylesheet" href="css/main.css?6">
<link rel="stylesheet" href="css/main.css?7">
<script src="js/vendor/modernizr-2.6.2.min.js"></script>
<script src="js/vendor/prefixfree.min.js"></script>
@ -34,21 +34,19 @@
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="./">●●●|</a>
<a class="active brand" href="./">●●●|</a>
<div class="nav-collapse collapse">
<ul class="nav">
<li class="active"><a href="./">App</a></li>
<li><a href="security.html">Security</a></li>
<li><a href="faq.html">FAQ</a></li>
<li><a href="algorithm.html">Algorithm</a></li>
<li><a href="support.html">Support</a></li>
<li><a href="http://github.com/Lyndir/MasterPassword/" onclick="_gaq.push(['_trackPageview', '/outbound/github']);">Source (GPL)</a></li>
<li><a href="what.html">What is it? How do I use it?</a></li>
<li><a href="security.html">Is it safe?</a></li>
<li><a href="algorithm.html">How does it work?</a></li>
</ul>
<ul class="nav pull-right">
<li><a href="irc://irc.freenode.net/#masterpassword" onclick="_gaq.push(['_trackPageview', '/outbound/irc']);">#masterpassword (freenode)</a></li>
<li><a href="irc://irc.freenode.net/#masterpassword" onclick="_gaq.push(['_trackPageview', '/outbound/irc']);">#masterpassword</a></li>
<li class="divider-vertical"></li>
<li><a href="MasterPassword_PressKit.zip" onclick="_gaq.push(['_trackPageview', '/outbound/presskit']);">⬇ Press Kit</a></li>
<li><a href="http://itunes.apple.com/app/id510296984" onclick="goog_report_conversion('index-fixed-header');_gaq.push(['_trackPageview', '/outbound/itunes']);" class="img"><img src="img/appstore.svg" /></a></li>
<li><a href="faq.html">FAQ</a></li>
<li><a href="support.html">Support</a></li>
<li><a href="http://github.com/Lyndir/MasterPassword/" onclick="_gaq.push(['_trackPageview', '/outbound/github']);">Source</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>

18
Site/2013-05/privacy.html
View File

@ -14,7 +14,7 @@
<link rel="shortcut icon" href="img/favicon.png" type="image/x-png" />
<link rel="stylesheet" href="css/bootstrap.min.css">
<link rel="stylesheet" href="css/bootstrap-responsive.min.css">
<link rel="stylesheet" href="css/main.css?1">
<link rel="stylesheet" href="css/main.css?7">
<script src="js/vendor/modernizr-2.6.2.min.js"></script>
<script src="js/vendor/prefixfree.min.js"></script>
@ -35,18 +35,16 @@
<a class="brand" href="./">●●●|</a>
<div class="nav-collapse collapse">
<ul class="nav">
<li><a href="./">App</a></li>
<li><a href="security.html">Security</a></li>
<li><a href="faq.html">FAQ</a></li>
<li><a href="algorithm.html">Algorithm</a></li>
<li class="active"><a href="support.html">Support</a></li>
<li><a href="http://github.com/Lyndir/MasterPassword/" onclick="_gaq.push(['_trackPageview', '/outbound/github']);">Source (GPL)</a></li>
<li><a href="what.html">What is it? How do I use it?</a></li>
<li><a href="security.html">Is it safe?</a></li>
<li><a href="algorithm.html">How does it work?</a></li>
</ul>
<ul class="nav pull-right">
<li><a href="irc://irc.freenode.net/#masterpassword" onclick="_gaq.push(['_trackPageview', '/outbound/irc']);">#masterpassword (freenode)</a></li>
<li><a href="irc://irc.freenode.net/#masterpassword" onclick="_gaq.push(['_trackPageview', '/outbound/irc']);">#masterpassword</a></li>
<li class="divider-vertical"></li>
<li><a href="MasterPassword_PressKit.zip" onclick="_gaq.push(['_trackPageview', '/outbound/presskit']);">⬇ Press Kit</a></li>
<li><a href="http://itunes.apple.com/app/id510296984" onclick="goog_report_conversion('index-fixed-header');_gaq.push(['_trackPageview', '/outbound/itunes']);" class="img"><img src="img/appstore.svg" /></a></li>
<li><a href="faq.html">FAQ</a></li>
<li><a href="support.html">Support</a></li>
<li><a href="http://github.com/Lyndir/MasterPassword/" onclick="_gaq.push(['_trackPageview', '/outbound/github']);">Source</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>

27
Site/2013-05/security.html
View File

@ -14,12 +14,12 @@
<link rel="shortcut icon" href="img/favicon.png" type="image/x-png" />
<link rel="stylesheet" href="css/bootstrap.min.css">
<link rel="stylesheet" href="css/bootstrap-responsive.min.css">
<link rel="stylesheet" href="css/main.css?1">
<link rel="stylesheet" href="css/main.css?7">
<script src="js/vendor/modernizr-2.6.2.min.js"></script>
<script src="js/vendor/prefixfree.min.js"></script>
</head>
<body itemscope itemtype="http://schema.org/MobileSoftwareApplication" id="trouble">
<body itemscope itemtype="http://schema.org/MobileSoftwareApplication" id="security">
<!--[if lt IE 7]>
<p class="chromeframe">You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser</a> or <a href="http://www.google.com/chromeframe/?redirect=true">activate Google Chrome Frame</a> to improve your experience.</p>
<![endif]-->
@ -35,18 +35,16 @@
<a class="brand" href="./">●●●|</a>
<div class="nav-collapse collapse">
<ul class="nav">
<li><a href="./">App</a></li>
<li class="active"><a href="security.html">Security</a></li>
<li><a href="faq.html">FAQ</a></li>
<li><a href="algorithm.html">Algorithm</a></li>
<li><a href="support.html">Support</a></li>
<li><a href="http://github.com/Lyndir/MasterPassword/" onclick="_gaq.push(['_trackPageview', '/outbound/github']);">Source (GPL)</a></li>
<li><a href="what.html">What is it? How do I use it?</a></li>
<li class="active"><a href="security.html">Is it safe?</a></li>
<li><a href="algorithm.html">How does it work?</a></li>
</ul>
<ul class="nav pull-right">
<li><a href="irc://irc.freenode.net/#masterpassword" onclick="_gaq.push(['_trackPageview', '/outbound/irc']);">#masterpassword (freenode)</a></li>
<li><a href="irc://irc.freenode.net/#masterpassword" onclick="_gaq.push(['_trackPageview', '/outbound/irc']);">#masterpassword</a></li>
<li class="divider-vertical"></li>
<li><a href="MasterPassword_PressKit.zip" onclick="_gaq.push(['_trackPageview', '/outbound/presskit']);">⬇ Press Kit</a></li>
<li><a href="http://itunes.apple.com/app/id510296984" onclick="goog_report_conversion('index-fixed-header');_gaq.push(['_trackPageview', '/outbound/itunes']);" class="img"><img src="img/appstore.svg" /></a></li>
<li><a href="faq.html">FAQ</a></li>
<li><a href="support.html">Support</a></li>
<li><a href="http://github.com/Lyndir/MasterPassword/" onclick="_gaq.push(['_trackPageview', '/outbound/github']);">Source</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
@ -57,13 +55,6 @@
<img class="background" src="img/mp-process-angled.png" data-stellar-ratio="2.5" />
<div class="container">
<!-- <div class="box effect-8">
iframe id="ytplayer" type="text/html" width="640" height="360" frameborder="0"
src="http://www.youtube.com/embed/QTfA0O7YnHQ?origin=http://masterpassword.lyndir.com&autohide=1&autoplay=0&rel=0&showinfo=0&theme=light&color=white"></iframe
<iframe width="640" height="360" frameborder="0" webkitAllowFullScreen mozallowfullscreen allowFullScreen
src="http://player.vimeo.com/video/45803664?title=0&amp;byline=0&amp;portrait=0&amp;color=ffffff"></iframe>
</div> -->
<div class="content">
<h2>Security Overview</h2>
</div>

18
Site/2013-05/support.html
View File

@ -14,7 +14,7 @@
<link rel="shortcut icon" href="img/favicon.png" type="image/x-png" />
<link rel="stylesheet" href="css/bootstrap.min.css">
<link rel="stylesheet" href="css/bootstrap-responsive.min.css">
<link rel="stylesheet" href="css/main.css?1">
<link rel="stylesheet" href="css/main.css?7">
<script src="js/vendor/modernizr-2.6.2.min.js"></script>
<script src="js/vendor/prefixfree.min.js"></script>
@ -35,18 +35,16 @@
<a class="brand" href="./">●●●|</a>
<div class="nav-collapse collapse">
<ul class="nav">
<li><a href="./">App</a></li>
<li><a href="security.html">Security</a></li>
<li><a href="faq.html">FAQ</a></li>
<li><a href="algorithm.html">Algorithm</a></li>
<li class="active"><a href="support.html">Support</a></li>
<li><a href="http://github.com/Lyndir/MasterPassword/" onclick="_gaq.push(['_trackPageview', '/outbound/github']);">Source (GPL)</a></li>
<li><a href="what.html">What is it? How do I use it?</a></li>
<li><a href="security.html">Is it safe?</a></li>
<li><a href="algorithm.html">How does it work?</a></li>
</ul>
<ul class="nav pull-right">
<li><a href="irc://irc.freenode.net/#masterpassword" onclick="_gaq.push(['_trackPageview', '/outbound/irc']);">#masterpassword (freenode)</a></li>
<li><a href="irc://irc.freenode.net/#masterpassword" onclick="_gaq.push(['_trackPageview', '/outbound/irc']);">#masterpassword</a></li>
<li class="divider-vertical"></li>
<li><a href="MasterPassword_PressKit.zip" onclick="_gaq.push(['_trackPageview', '/outbound/presskit']);">⬇ Press Kit</a></li>
<li><a href="http://itunes.apple.com/app/id510296984" onclick="goog_report_conversion('index-fixed-header');_gaq.push(['_trackPageview', '/outbound/itunes']);" class="img"><img src="img/appstore.svg" /></a></li>
<li><a href="faq.html">FAQ</a></li>
<li class="active"><a href="support.html">Support</a></li>
<li><a href="http://github.com/Lyndir/MasterPassword/" onclick="_gaq.push(['_trackPageview', '/outbound/github']);">Source</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>

18
Site/2013-05/trouble.html
View File

@ -14,7 +14,7 @@
<link rel="shortcut icon" href="img/favicon.png" type="image/x-png" />
<link rel="stylesheet" href="css/bootstrap.min.css">
<link rel="stylesheet" href="css/bootstrap-responsive.min.css">
<link rel="stylesheet" href="css/main.css?1">
<link rel="stylesheet" href="css/main.css?7">
<script src="js/vendor/modernizr-2.6.2.min.js"></script>
<script src="js/vendor/prefixfree.min.js"></script>
@ -35,18 +35,16 @@
<a class="brand" href="./">●●●|</a>
<div class="nav-collapse collapse">
<ul class="nav">
<li><a href="./">App</a></li>
<li><a href="security.html">Security</a></li>
<li><a href="faq.html">FAQ</a></li>
<li><a href="algorithm.html">Algorithm</a></li>
<li class="active"><a href="support.html">Support</a></li>
<li><a href="http://github.com/Lyndir/MasterPassword/" onclick="_gaq.push(['_trackPageview', '/outbound/github']);">Source (GPL)</a></li>
<li><a href="what.html">What is it? How do I use it?</a></li>
<li><a href="security.html">Is it safe?</a></li>
<li><a href="algorithm.html">How does it work?</a></li>
</ul>
<ul class="nav pull-right">
<li><a href="irc://irc.freenode.net/#masterpassword" onclick="_gaq.push(['_trackPageview', '/outbound/irc']);">#masterpassword (freenode)</a></li>
<li><a href="irc://irc.freenode.net/#masterpassword" onclick="_gaq.push(['_trackPageview', '/outbound/irc']);">#masterpassword</a></li>
<li class="divider-vertical"></li>
<li><a href="MasterPassword_PressKit.zip" onclick="_gaq.push(['_trackPageview', '/outbound/presskit']);">⬇ Press Kit</a></li>
<li><a href="http://itunes.apple.com/app/id510296984" onclick="goog_report_conversion('index-fixed-header');_gaq.push(['_trackPageview', '/outbound/itunes']);" class="img"><img src="img/appstore.svg" /></a></li>
<li><a href="faq.html">FAQ</a></li>
<li><a href="support.html">Support</a></li>
<li><a href="http://github.com/Lyndir/MasterPassword/" onclick="_gaq.push(['_trackPageview', '/outbound/github']);">Source</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>

233
Site/2013-05/what.html Normal file
View File

@ -0,0 +1,233 @@
<!DOCTYPE html>
<html class="no-js" itemscope itemtype="http://schema.org/Product">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title itemprop="name">Master Password &mdash; Secure your life, forget your passwords.</title>
<meta itemprop="description" content="Master Password is an ingenious password solution that makes your passwords truly impossible to lose." />
<meta itemprop="image" content="http://masterpassword.lyndir.com/img/iTunesArtwork-Rounded.png" />
<meta name="apple-itunes-app" content="app-id=510296984" />
<meta name="viewport" content="width=device-width">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="icon" href="img/favicon.png" type="image/x-png" />
<link rel="shortcut icon" href="img/favicon.png" type="image/x-png" />
<link rel="stylesheet" href="css/bootstrap.min.css">
<link rel="stylesheet" href="css/bootstrap-responsive.min.css">
<link rel="stylesheet" href="css/main.css?7">
<script src="js/vendor/modernizr-2.6.2.min.js"></script>
<script src="js/vendor/prefixfree.min.js"></script>
</head>
<body itemscope itemtype="http://schema.org/MobileSoftwareApplication" id="what">
<!--[if lt IE 7]>
<p class="chromeframe">You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser</a> or <a href="http://www.google.com/chromeframe/?redirect=true">activate Google Chrome Frame</a> to improve your experience.</p>
<![endif]-->
<nav class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container">
<button type="button" class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="./">●●●|</a>
<div class="nav-collapse collapse">
<ul class="nav">
<li class="active"><a href="what.html">What is it? How do I use it?</a></li>
<li><a href="security.html">Is it safe?</a></li>
<li><a href="algorithm.html">How does it work?</a></li>
</ul>
<ul class="nav pull-right">
<li><a href="irc://irc.freenode.net/#masterpassword" onclick="_gaq.push(['_trackPageview', '/outbound/irc']);">#masterpassword</a></li>
<li class="divider-vertical"></li>
<li><a href="faq.html">FAQ</a></li>
<li><a href="support.html">Support</a></li>
<li><a href="http://github.com/Lyndir/MasterPassword/" onclick="_gaq.push(['_trackPageview', '/outbound/github']);">Source</a></li>
</ul>
</div><!--/.nav-collapse -->
</div>
</div>
</nav>
<header>
<img class="background" src="img/mp-process-angled.png" data-stellar-ratio="2.5" />
<div class="container">
<div class="content">
<h2>Master Password is a wholly <strong>different way</strong> of doing passwords.</h2>
</div>
</div>
</header>
<section><div class="content">
<div class="thumb clearfix">
<h1>The Master Password way</h1>
<p>Stop writing down your passwords.</p>
<p>Stop storing your passwords in a "secure" place, such as a vault, a keychain, an app or "the cloud".</p>
<p>In fact, just stop thinking about passwords at all.</p>
<p>Master Password users have no more passwords. They have a password. Their password is their single master key for unlocking all doors.</p>
<h2>One, two, enter.</h2>
<p>As a Master Password user, there are about three steps to entering any site:</p>
<ol>
<li>Enter your master password to unlock your Master Password app.</li>
<li>Find the name of the site you want to get into, copy its key.</li>
<li>Paste the site's key into the site and log in.</li>
</ol>
<p>Most browsers will then ask you to "save" the site's password. For most people, this is a good idea and will subsequently allow you to log in without having to use Master Password at all.</p>
<h2>How do I get started?</h2>
<p>Depending on how many sites you currently hold active accounts on, this is likely going to be your biggest curve.</p>
<p>Master Password <strong><em>generates passwords</em> for you to use</strong>. That means, you <em>cannot use your old passwords with it</em> (in truth, you could, but that would defeat the purpose - you <em>shouldn't</em>).</p>
<p>For every site where you currently hold an account:<br />
Sorry, you'll have to log into the site once with your old password and update the password to the new and much stronger password Master Password has generated for you.</p>
<p>For every site you sign up with from now on:<br />
Simple: stop trying to come up with a good new password for your next account. Just copy/paste Master Password's generated password for this site into the password and confirm password fields.</p>
<h3>I want pictures.</h3>
<p>All right. Here's Robert on his iPhone:</p>
<p><img src="img/howto-twitter-signup.png" /></p>
<p>He wants to sign up for Twitter. Robert filled in all the fields, except for password. Not wanting to worry about what his twitter secret is going to be, he switches to Master Password.</p>
<img src="img/howto-mp-login.png" /></p>
<p>Of course, he begins by unlocking his user with his master password. Robert can skip this step by going into Master Password's preferences and setting it to either save his master key or remember his login, but he choses not to.</p>
<p><img src="img/howto-mp-create.png" />
<img src="img/howto-mp-create-confirm.png" /></p>
He creates a password for Twitter by using its <strong>bare domain name</strong>: <code>twitter.com</code>. He knows not to use <strike><code>mobile.twitter.com</code></strike> or <strike><code>Twitter</code></strike> or anything non-standard, because that would be very difficult to remember correctly on a later date. If he has multiple twitter accounts, he could prefix the name with a user name and an @: <code>rmitchell@twitter.com</code>,
<code>superbob@twitter.com</code>.</p>
<p><strong>Optional:</strong><br />
<img src="img/howto-mp-type-change.png" />
<img src="img/howto-mp-type-basic.png" /></p>
<p>If the account Robert's signing up for is with a website that prohibits symbols for some daft reason, Robert can change the type to <em>Basic</em> or something similar instead. Robert can also bump up the complexity to get an even more secure password if he wants.</p>
<p><img src="img/howto-twitter-paste.png" />
<img src="img/howto-twitter-done.png" /></p>
<p>When Robert created the site in Master Password, it copied the password to his pasteboard. Now, Robert just switches back to Safari and pastes his brand-new password he doesn't care to remember in twitter's password field. All done!</p>
<h2>Why, that sounds more complicated.</h2>
<p>More complicated than what, exactly? Using <code>robert17</code> for all your sites? Well, yes. That's also rather the point.</p>
<p>The point is to eliminate the many sources of insecurities related to password authentication, and yet keeping the process surprizingly trivial. What you get in exchange for these two extra first-time only steps is very robust, unique passwords which are not hackable even from a site's leaked password hashes, in addition to the freedom to forget all about passwords. Entirely.</p>
<ul>
<li>You get to stop worrying about what password you used for your bank or the government tax portal, because they both use rediculous and different password policies.</li>
<li>You get to stop writing down passwords and keeping those notes safe from others as well as safe from loss.</li>
<li>You get to stop messing with password vaults that promise to encrypt your stuff, but can't help you when you're at a friend's house, or after your appartment fire.</li>
<li>You can stop sharing the keys to your digital life with online password websites that promise all the military grade encryption while being gagged and tapped by a government agency.</li>
</ul>
<h2>I use this other password manager, and it's awesome.</h2>
<p>I shall not endeaver to quarrel with the point on the awesome scale of your other password manager. That said, Master Password was designed from the ground up specifically because of the many flaws that existed in all the popular password managers at the time. And the times haven't changed for the better since.</p>
<p>I'm going to provide an excessively brief description of the primary flaws other password managers suffer, which Master Password is free from. Please <a href="support.html">contact me</a> if you have something to add, ask or correct.</p>
<p>While each of these services have many great pros, I will only mention those that Master Password lacks.</p>
<ul>
<li><strong>Password Vaults</strong>: 1Password, Mac OS X Keychain, KeePass, ...
<p><em>Pros:</em> Some allow you the ability to change your master password or reset it if you forgot it.</p>
<p><em>Cons:</em> Your vault needs to be backed up, and you can only access your passwords if you can access the vault. Syncing the vault to all your devices is troublesome and generally relies on uploading your secrets to a company's servers. Total data loss is catastrophic.</p></li>
<li><strong>Online Vaults</strong>: LastPass, Secret Server, Mitto, ...
<p><em>Pros:</em> Some allow you the ability to change your master password or reset it if you forgot it. Some support "two-factor" authentication.</p>
<p><em>Cons:</em> Access to your secrets depends on an active data connection. You've given the keys to your global digital identity to some company you probably shouldn't trust as much as you wish you could. Their website stating that they "can't access your data" doesn't change this, nor does it make any assurances about tomorrow.</p></li>
<li><strong>Password Generators</strong>: SuperGenPass, PasswordMaker, PassHash, ...
<p><em>Pros:</em> They got the same idea as us! Yay!</p>
<p><em>Cons:</em> Sadly, nearly all of these, while claiming the same benefits as Master Password, suffer from critical flaws which either defeat their benefits (reverting them to mere password vaults) or use critically weak crypto, with the result of actually making it trivial to reverse your master password - and by extension, access to all your accounts.</p></li>
</ul>
<h2>What are Master Password's cons? Or is it flawless?</h2>
<p>Master Password also has cons. Let's be frank and list the cons that the other solutions generally don't suffer:</p>
<p><em>Cons:</em> Changing your master password requires you to update all your site passwords. A compromised or forgotten master password requires you to do the same.</p>
<p>There are some other cons, which I consider <em>"fake cons"</em>, with a justification of why I label them as such:</p>
<ul>
<li><em>My boss gave me this password to use...</em>
<p>Master Password's generated passwords only work if you use the password generated for you. You cannot use a password somebody else gave you. Only - you can: Master Password implements a hybrid solution, allowing you to save custom passwords in the app. They are AES encrypted with your master key, but like all vault-based password managers, are not immune to loss if you ever lose your phone and
backups..</li>
<li><em>I can't reset if I forgot my master password!</em>
<p>Uh, no. If you forgot your master password, you're probably an alien replica of yourself. So no, you can't reset. If you're not a replica, just make a new user with a new master password and reset all your site passwords. Remember your master password this time.</li>
<li><em>I noticed everybody's doing this two-factor thing now.</em>
<p>Two factor authentication is defined as authenticating yourself with two methods that are so distinct that a single attack cannot compromise both. Many sites claim to use two-factor authentication but actually rely only on an extra password hidden in an app on your phone or computer. If an attacker can steal your master password, he can probably download the hidden password too. Or read in your two-factor response while you're typing it in. On top of that, you're using a password manager: after your "two-factor" authentication, you get a single password to perform another one-factor authentication with a site. As a hacker, I'd go for the weakest link to break your chain.</li>
</ul>
</div>
</div></section>
<footer><div class="muted content">
<p><em>Master Password is a security product and algorithm by <a href="http://www.lhunath.com" onclick="_gaq.push(['_trackPageview', '/outbound/lhunath']);">Maarten Billemont</a>, <a href="http://www.lyndir.com" onclick="_gaq.push(['_trackPageview', '/outbound/lyndir']);">Lyndir</a> (&copy; 2011-2013).</em></p>
<p><a href="http://gorillas.lyndir.com" onclick="_gaq.push(['_trackPageview', '/outbound/gorillas']);">Gorillas</a><a href="http://deblock.lyndir.com" onclick="_gaq.push(['_trackPageview', '/outbound/deblock']);">DeBlock</a><a href="http://github.com/Lyndir" onclick="_gaq.push(['_trackPageview', '/outbound/github']);">GitHub</a><a href="http://thanks.lhunath.com" onclick="_gaq.push(['_trackPageview', '/outbound/thanks']);">Send Thanks</a></p>
</div></footer>
<!-- Scripts -->
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<script>window.jQuery || document.write('<script src="js/vendor/jquery-1.9.1.min.js"><\/script>')</script>
<script src="js/vendor/bootstrap.min.js"></script>
<script src="js/plugins.js"></script>
<script src="js/main.js"></script>
<!-- Internet Defense League -->
<script type="text/javascript">
window._idl = {};
_idl.variant = "modal";
(function() {
var idl = document.createElement('script');
idl.type = 'text/javascript';
idl.async = true;
idl.src = ('https:' == document.location.protocol ? 'https://' : 'http://') + 'members.internetdefenseleague.org/include/?url=' + (_idl.url || '') + '&campaign=' + (_idl.campaign || '') + '&variant=' + (_idl.variant || 'banner');
document.getElementsByTagName('body')[0].appendChild(idl);
})();
</script>
<!-- Google Analytics -->
<script>
var _gaq=[['_setAccount','UA-90535-15'],['_trackPageview']];
(function(d,t){var g=d.createElement(t),s=d.getElementsByTagName(t)[0];
g.src=('https:'==location.protocol?'//ssl':'//www')+'.google-analytics.com/ga.js';
s.parentNode.insertBefore(g,s)}(document,'script'));
</script>
<!-- Google +1 -->
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
<!-- Tender -->
<script src="https://masterpassword.tenderapp.com/tender_widget.js" type="text/javascript"></script>
<!-- AdWords -->
<script type="text/javascript">
/* <![CDATA[ */
goog_snippet_vars = function() {
var w = window;
w.google_conversion_id = 1015576061;
w.google_conversion_label = "PcXqCPPz5AIQ_euh5AM";
w.google_conversion_value = 4;
}
goog_report_conversion = function(url) {
goog_snippet_vars();
window.google_conversion_format = "3";
window.google_is_call = true;
var opt = new Object();
opt.onload_callback = function() {
if (typeof(url) != 'undefined') {
window.location = url;
}
}
var conv_handler = window['google_trackConversion'];
if (typeof(conv_handler) == 'function') {
conv_handler(opt);
}
}
/* ]]> */
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion_async.js"></script>
</body>
</html>