2
0

Fix anchors.

This commit is contained in:
Maarten Billemont 2015-01-19 00:17:14 -05:00
parent 9052416786
commit aa6634970a

View File

@ -72,7 +72,7 @@
<p>In fact, just stop thinking about passwords at all.</p> <p>In fact, just stop thinking about passwords at all.</p>
<p>Master Password users have no more passwords. They have a password. Their password is their single master key for unlocking all doors.</p> <p>Master Password users have no more passwords. They have a password. Their password is their single master key for unlocking all doors.</p>
<h2 name="how">One, two, enter.</h2> <h2 id="how">One, two, enter.</h2>
<p>As a Master Password user, there are about three steps to entering any site:</p> <p>As a Master Password user, there are about three steps to entering any site:</p>
<ol> <ol>
<li>Enter your master password to unlock your Master Password app.</li> <li>Enter your master password to unlock your Master Password app.</li>
@ -118,7 +118,7 @@
<li>You can stop sharing the keys to your digital life with online password websites that promise all the military grade encryption while being gagged and tapped by a government agency.</li> <li>You can stop sharing the keys to your digital life with online password websites that promise all the military grade encryption while being gagged and tapped by a government agency.</li>
</ul> </ul>
<h2 name="others">I use this other password manager, and it's awesome.</h2> <h2 id="others">I use this other password manager, and it's awesome.</h2>
<p>I shall not endeavour to quarrel with the point on the awesome scale of your other password manager. That said, Master Password was designed from the ground up specifically because of the many flaws that existed in all the popular password managers at the time. And the times haven't changed for the better since.</p> <p>I shall not endeavour to quarrel with the point on the awesome scale of your other password manager. That said, Master Password was designed from the ground up specifically because of the many flaws that existed in all the popular password managers at the time. And the times haven't changed for the better since.</p>
<p>I'm going to provide an excessively brief description of the primary flaws other password managers suffer, which Master Password is free from. Please <a href="support.html">contact me</a> if you have something to add, ask or correct.</p> <p>I'm going to provide an excessively brief description of the primary flaws other password managers suffer, which Master Password is free from. Please <a href="support.html">contact me</a> if you have something to add, ask or correct.</p>
@ -139,7 +139,7 @@
</ul> </ul>
<h2 name="cons">What are Master Password's cons? Or is it flawless?</h2> <h2 id="cons">What are Master Password's cons? Or is it flawless?</h2>
<p>Master Password also has cons. Let's be frank and list the cons that the other solutions generally don't suffer:</p> <p>Master Password also has cons. Let's be frank and list the cons that the other solutions generally don't suffer:</p>
<p><em>Cons:</em> Changing your master password requires you to update all your site passwords. A compromised or forgotten master password requires you to do the same.</p> <p><em>Cons:</em> Changing your master password requires you to update all your site passwords. A compromised or forgotten master password requires you to do the same.</p>
@ -154,7 +154,7 @@
<p>Two factor authentication is defined as authenticating yourself with two methods that are so distinct that a single attack cannot compromise both. Many sites claim to use two-factor authentication but actually rely only on an extra password hidden in an app on your phone or computer. If an attacker can steal your master password, he can probably download the hidden password too. Or read in your two-factor response while you're typing it in. On top of that, you're using a password manager: after your "two-factor" authentication, you get a single password to perform another one-factor authentication with a site. As a hacker, I'd go for the weakest link to break your chain.</li> <p>Two factor authentication is defined as authenticating yourself with two methods that are so distinct that a single attack cannot compromise both. Many sites claim to use two-factor authentication but actually rely only on an extra password hidden in an app on your phone or computer. If an attacker can steal your master password, he can probably download the hidden password too. Or read in your two-factor response while you're typing it in. On top of that, you're using a password manager: after your "two-factor" authentication, you get a single password to perform another one-factor authentication with a site. As a hacker, I'd go for the weakest link to break your chain.</li>
</ul> </ul>
<h2 name="trust">You speak of trust, how can I trust you?</h2> <h2 id="trust">You speak of trust, how can I trust you?</h2>
<p>A very valid question, and arguably the most important one to ask!</p> <p>A very valid question, and arguably the most important one to ask!</p>
<p>Trust is a very difficult thing to guarantee. Powerful entities will solicit your trust by appearing with it and coming well recommended. Trust can also be assured by legalese or contracts. If you have the means and energy to hold an entity responsible for his claims and actions, this might be sufficient for you.</p> <p>Trust is a very difficult thing to guarantee. Powerful entities will solicit your trust by appearing with it and coming well recommended. Trust can also be assured by legalese or contracts. If you have the means and energy to hold an entity responsible for his claims and actions, this might be sufficient for you.</p>
<p>Most of us mere mortals cannot afford this level of trust enforcement, however. We're mostly left in the position of trusting claims blindly, in the hopes that companies will not violate those claims for fear of taking a seizable public-relations hit.</p> <p>Most of us mere mortals cannot afford this level of trust enforcement, however. We're mostly left in the position of trusting claims blindly, in the hopes that companies will not violate those claims for fear of taking a seizable public-relations hit.</p>