Make it possible to change the passphrase
(Perhaps I've missed it but) I don't think there is a way to change your passphrase.
Not possible, and it's actually an implementation headache, since everything needs to be reencrypted with the new password. And all of your derived passwords will change. This is actually one of the biggest flaws of the system.
Oh I see. That's a bummer. You could move to an HMAC key that is randomly generated and stored inside a lockbox protected by the derived key? That should still be safe and would allow password changes; migration from old format also seems possible.
Yeah, this is potentially the way to go. This is more like 1password. But then you need some sort of server-side state, which you don't really need with 1sp. So trade-offs. I'm probably not going to do much work on oneshallpass in the short term; we're just about to launch another product.
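The lockbox scheme suggested in this thread, sketched as an added example (not oneshallpass code and not posted by any participant): a random HMAC key is sealed under a passphrase-derived key, so a passphrase change only re-seals the box and the derived site passwords stay the same. All function names are hypothetical, scrypt and AES-256-GCM are assumed choices, and `sitePassword` is a simplified stand-in rather than 1SP's real derivation. The returned box is the stored state mentioned in the last reply.

```javascript
// Added example: every function name here is hypothetical, not oneshallpass code.
const nodeCrypto = require('crypto');

// Stretch the passphrase into a 32-byte key-encryption key (scrypt, Node defaults).
function deriveKek(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Seal the random HMAC key under the passphrase-derived key with AES-256-GCM.
function sealLockbox(passphrase, hmacKey) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKek(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(hmacKey), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Recover the HMAC key; throws if the passphrase is wrong or the box was altered.
function openLockbox(passphrase, box) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKek(passphrase, box.salt), box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// Passphrase change: re-seal the same key under the new passphrase.
function changePassphrase(oldPass, newPass, box) {
  return sealLockbox(newPass, openLockbox(oldPass, box));
}

// Stand-in site password: keyed by the random HMAC key, not by the passphrase.
function sitePassword(hmacKey, site, length = 16) {
  return nodeCrypto.createHmac('sha512', hmacKey).update(site).digest('base64').slice(0, length);
}

// Constructed walk-through: change the passphrase and compare derived passwords.
function demo() {
  const box = sealLockbox('old passphrase', nodeCrypto.randomBytes(32));
  const before = sitePassword(openLockbox('old passphrase', box), 'example.com');
  const box2 = changePassphrase('old passphrase', 'new passphrase', box);
  const after = sitePassword(openLockbox('new passphrase', box2), 'example.com');
  let oldRejected = false;
  try { openLockbox('old passphrase', box2); } catch (e) { oldRejected = true; }
  return { unchanged: before === after, oldRejected };
}
```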