I'm not surprised to be honest. In the city I currently live in, since moving here a year ago, I've never even gotten the bus because an uber is maybe twice the price but 10x more convenient and 5x as fast to get to the local train station... To get to the next city along, it's a 15min uber or >1hr public transport commute... However, if Uber didn't exist here, I don't think I'd be taking taxis because they are far more expensive.
I used to use SuperGenPass[1] to do exactly this, but what you'll soon find is that every website has slightly different password rules, so you'll have to start memorizing unique settings for each site (i.e. website X can't have certain chars, website Y can't be longer than 12 chars, etc...). Then you run into the issue of multiple things you need to remember, such as secret answers for various questions, birthdays that you may lie about, etc...
Much easier to just use a vault to store all this.
Why couldn't long press do both? Make "wiggle icons" the top app shortcut or something. ("Move icon" would probably be a less silly name.)
You don't see how what you just wrote is drastically more complicated to the average user? Tiny differences in time and pressure determines two different features when pressing an app icon.
This is what it's like in Scotland!! People here get SO angry, thinking that you have "skipped" all the other patiently waiting people... And then they don't let you merge! And it makes absolutely no sense to me, because they cause one reallllyyyy long traffic jam then...
I always thought of The Verge as Joshua Topolsky, Nilay Patel, and Paul Miller... It's been kinda of a so-and-so website in the past year, so I'm not surprised he's leaving before the whole site goes downhill..
Good on him though, excited to see what he writes about. Fingers crossed we get some good podcasts though!
I've contacted AirBnB regarding several unprofessional experiences, and I've found that AirBnB themselves were quite amateur. This has changed, and AirBnB are starting to grow up. Hopefully this sort of stuff doesn't happen again...
I once tried to keep a spreadsheet (Apple's Numbers) for fuel cost / consumption / mileage, etc. for my car. I found Numbers to do the job best, but still got fed up of trying to do it all...
(unfortunately) The more I think about this, the more flaws I find... I looked through pastor.py and essentially you're just creating a different password. There's no difference between using this generated password and another password (you could argue that the generated password is harder to brute force, but that's it really).
"The generated password is also site-unique and thus leaves you more resilient against sites losing their password databases or being outright malicious"
Assuming this tool would become popular, I do not think it would make any difference in scenario you described. If I know that a lot of people use this to generate their passwords, I can:
* guess the door id (e.g. facebook or fb for facebook.com),
* concatenate it to usual attack guess,
* hash the result one more time and continue in exactly the same way as usually.
Bonus for attacker: if any of password databases leaks and attacker manages to acquire your passphrase the above way, he needs only few door id guesses to get access on any of yours accounts.
That's the usual purpose of a password manager. Freeing you from having to remember long and/or complex passwords so you can effortlessly have stronger passwords and more convenience (also different passwords for different services without having to remember them all).
Keep in mind that this is something for personal use to retrieve passwords used somewhere, not for storing passwords for users within a service (at least your confusion sounds like you might be confusing those two things).
The problem is that the 'door' is your password now - you have to remember all the different doors, or use a password manager to store them for you... But then why not just keep the actual passwords in the manager?
The door is just the identifier you use for retrieving a certain password. You can just use your username, or the e-mail address you used to sign up. Said identifier is not a password in that it's not secret. You can even write them down.
The generated password is also site-unique and thus leaves you more resilient against sites losing their password databases or being outright malicious, but the rekeying problem in the grandparent post is a major (essentially fatal) downside.
I'm not sure if I quite understand this - so you're hashing the pass-phrase+doorID, and then storing that? Doesn't that mean that the hashed, well, generated password is always the same, regardless which website you are on?
I like the idea of supergenpass, as it's creating unique passwords on a website basis as it hashing a password+URL to create unique website passwords.
I think the idea is that you choose a unique door id for every website, something you can easily remember.
It's also a deterministic (but difficult to reverse, I assume) algorithm, so it doesn't ever store anything, you just regenerate the password to "look it up".
The password is essentially hash(passphrase + door id). Which means, nothing is stored, because both of those are inputs to the program. At least that's how I understood it.
But what I don't understand is, if the password is never stored, how can you allow for logins, etc.? I mean, there must be a way of comparison, or something? I think perhaps I'm having a brain melt, or I'm misunderstanding this completely. To me, this looks like it's creating a password from hashing the pass-phrase and doorID, but that just then generates another password...
