sites profile syncing

gettons's Avatar

gettons

03 Jan, 2018 01:53 PM

Hello there,

pretty impressed by the idea around it. I have started taking a look at the app, however I am struggling to find a way to keep the sites profile ( the one you can export - import ) on external storage. Ideally some kind of integration with cloud based providers ( or even webdav ) would be beneficial so that the user does not have to manually export and import if using masterpassword on a second device.
As the profile does not contain too much of sensitive data, this could be an interesting option.
The main benefit being the fact that you don't have to : 1) export/import OR 2) remember the site configuration for all you logins ( as some sites have limitations when it comes to length of password and/or allowed characters in the password field ).

I am not sure if anyone else has already investigated the above ?

  1. 1 Posted by Tuq Sagago on 03 Jan, 2018 02:01 PM

    Tuq Sagago's Avatar

    Apart from being unnecessary, I think your idea is superfluous and defeats the main purpose of this unique system.

    Do you fully understand how it works?

    Sent from ProtonMail Mobile

  2. 2 Posted by gettons on 03 Jan, 2018 03:18 PM

    gettons's Avatar

    I belive I do, but I am not entirely sure you understood my question. Apologies for the bad wording.

    What I am saying here is say you have 200 entries, with a mixture of Maximum Security, Long, Medium, PIN password types and want to export the sites configuration, the only way is to actually export the file and import. Unless you remember the password requirements are for every single ones ( characters allowed, max password length, etc... )

    Given the secure export file looks like this :

    # Master Password site export
    # Export of site names and stored passwords (unless device-private) encrypted with the master key.
    #
    ##
    # User Name: bla bla
    # Avatar: 0
    # Key ID: blablablabla
    # Date: 2018-01-03T15:09:10Z
    # Version: 22222222222222.5.2
    # Format: 1
    # Passwords: PROTECTED
    ##
    #
    # Last Times Password Login Site Site
    # used used type name name password
    2018-01-03T14:55:15Z 0 17:3:1 user1 blue
    2018-01-03T14:55:28Z 0 16:3:1 user1 orange

    I see little to worry about if this file possibly gets stolen. It's indeed not ideal, as login name together with other fields is used to generate the password ( along with the masterkey ), but I am not sure the burden of having to export and import again whenever you want to add a new site is much more appealing. Unless of course you do it manually on all of your devices.

  3. 3 Posted by Tuq Sagago on 04 Jan, 2018 01:35 PM

    Tuq Sagago's Avatar

    Personally, I don't see such a feature as a priority - given the speed and convenience of the current configuration together with the security benefits of it being off-line.

    Are the risks of third party cloud integration worth it? It may harm the reputation of mpw's USP which, for me, is its off-line nature.

    Have you considered using something like [Hazel](http://www.noodlesoft.com/hazel.php) or [Maid](https://github.com/benjaminoakes/maid)?

    Sent with [ProtonMail](https://protonmail.com) Secure Email.

  4. 4 Posted by Stefan Bühlmann on 16 Apr, 2018 03:04 PM

    Stefan Bühlmann's Avatar

    Hi
    I have the same wish&problem. I have some hundred accounts to manage.
    Some systems force you to use a certain login name (or your preferred is already taken - ok i can use the name@url notation).
    Some „clever“ admins force you to change passwords every 3 months.
    And some sites have annoying limits on password lengths or charactersets.
    The latter two aspects makes it really impossible to remember for 200 entries.
    And how can i transfer a list of 200 to another device? There is an export feature, but i couldn’t find an import function.
    If there were an export & import function, i could transfer it while inside a secure network.

  5. Support Staff 5 Posted by Maarten Billemo... on 16 Apr, 2018 03:22 PM

    Maarten Billemont's Avatar

    It's important to be conscious of the fact that Master Password is not supposed to be an app that keeps track of things for you.

    It is supposed to be a calculator. Calculators don't sync things.

    As soon as you start using Master Password to keep track of things for you, you're falling into the pit that we're trying to save you from. You become dependent upon state. If the state ever disappears due to loss or corruption, you are in the same bad spot as you would have been with a regular vault-based password manager.

    It's my recommendation that you try to simplify instead of trying to keep track of your complexity.

    Pick a default password template that best supports your use case. For rotating passwords, use the password counters. If passwords rotate based on chronology, use a counter that encodes the chronology so you don't need to remember the counter value itself. (eg. every year, increment by 10, every quarter of the year, increment by 1)

  6. 6 Posted by Stefan Bühlmann on 16 Apr, 2018 03:52 PM

    Stefan Bühlmann's Avatar

    Hi Marteen
    But why not an import function when you offer an export?

  7. Support Staff 7 Posted by Maarten Billemo... on 16 Apr, 2018 03:58 PM

    Maarten Billemont's Avatar

    There is an import function. Which app are you referring to?

  8. 8 Posted by Stefan Bühlmann on 16 Apr, 2018 04:01 PM

    Stefan Bühlmann's Avatar

    On the iPhone App

    Viele Grüße, Stefan Bühlmann, +41 76 41 41 824 Gesendet mit ProtonMail

    Sent from ProtonMail Mobile

    AN Mo., Apr. 16, 2018 bei 17:58, Maarten Billemont <[email blocked]> Schrieb:

  9. Support Staff 9 Posted by Maarten Billemo... on 16 Apr, 2018 04:02 PM

    Maarten Billemont's Avatar

    You simply open the export file, hit the share button and select Master Password from the options.

  10. 10 Posted by Stefan Bühlmann on 16 Apr, 2018 04:09 PM

    Stefan Bühlmann's Avatar

    Oh, thx

    Viele Grüße, Stefan Bühlmann, +41 76 41 41 824 Gesendet mit ProtonMail

    Sent from ProtonMail Mobile

    AN Mo., Apr. 16, 2018 bei 18:02, Maarten Billemont <[email blocked]> Schrieb:

  11. 11 Posted by Denis on 07 Sep, 2018 06:36 PM

    Denis's Avatar

    > As soon as you start using Master Password to keep track of things for you, you're falling into the pit that we're trying to save you from. You become dependent upon state.

    In a way, you are always dependent on a state. The site you are tying to log in requires not only your password, but user name as well. Here is your state. You can chose to remember it (together with all other metadata to hundreds of sites), or you can save and sync it using one of the numerous cloud solutions (I prefer chrome extension, and just synching chrome extension state).
    And yes, sites use ridiculous password rules that users have to dance around by choosing weaker patterns*, and sometimes sites force you to come up with a new password as well. It's a burden for user to carry that a good MPA implementation can help with.

    Specifically on default templates: there is a way to solve a situation when site doesn't support specific characters without weakening the template. Consider an option to let user specify what special characters site explicitly rejects, and generate new passwords with the same template (maximum, long) increasing the counter until the requirement is met. Remember that counter in the metadata - and you are good!

  12. Support Staff 12 Posted by Maarten Billemo... on 07 Sep, 2018 06:52 PM

    Maarten Billemont's Avatar

    Note that you can also generate usernames, so you could avoid having to remember a username.

    In terms of allowing custom templates: I'd rather avoid this, since that means you need to reconstruct the rules you used for a site when you generated your password for it when you want to regenerate the password later (ie. the site-specific rules become state). Further, password rules can change.

    Ideally, I'd prefer to look into getting one or two templates that are maximally accepted by sites all over the net. Key here will likely be: keep the character set as basic as possible and gain entropy through password length.

    — Maarten Billemont (lhunath) —
    https://www.lhunath.com <https://www.lhunath.com/> – https://masterpassword.app <https://masterpassword.app/>

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

09 Oct, 2023 03:28 PM
09 Oct, 2023 02:56 PM
22 Jun, 2022 11:22 AM
02 Feb, 2022 02:22 PM
25 Jan, 2022 11:25 PM

 

31 Dec, 2021 11:42 AM
22 Dec, 2021 06:41 PM
04 Nov, 2021 01:24 AM
30 Oct, 2021 08:29 PM
21 Oct, 2021 08:44 AM
14 Sep, 2021 08:02 AM