Long time no blog… I know. It was a fairly busy and very intense time.
I have been using a password manager for quite a while for “not so critical” passwords. It is cloud-based and helps me a lot from a convenience point of view. However, it has one single caveat: the master password. Whenever that one is compromised, I will lose my vault.
Now, it seems an interesting approach to this problem is to be published: What if the vault did not respond with a “wrong userId/Password” message in the event of a failure, but with a vault of random passwords? It is kind of an interesting approach, as it would make an attack very time-consuming: the attacker would never know whether they had hit the pot of gold or not.
Read more here: The best way to protect passwords may be creating fake ones
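The idea above, sketched as an added example (not code from the linked article or from any password manager). It assumes a simplified vault in which every site password is derived from one random seed, so any master password opens a well-formed vault; the site names and function names are made up for illustration.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_letters + string.digits
SITES = ["mail.example", "forum.example", "shop.example"]  # constructed sample entries


def _key(master: str, salt: bytes) -> bytes:
    # Slow KDF so each master-password guess costs real work.
    return hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 100_000)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def create_vault(master: str) -> dict:
    # The vault holds only a salt and a masked random seed. There is no
    # password hash and no integrity tag, so nothing stored can confirm a guess.
    salt, seed = secrets.token_bytes(16), secrets.token_bytes(32)
    return {"salt": salt, "blob": _xor(seed, _key(master, salt))}


def _site_password(seed: bytes, site: str, length: int = 16) -> str:
    # Expand the seed into a per-site password over a fixed alphabet.
    n = int.from_bytes(hmac.new(seed, site.encode(), hashlib.sha256).digest(), "big")
    chars = []
    for _ in range(length):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def open_vault(vault: dict, master: str) -> dict:
    # Never fails: a wrong master password unmasks a different seed, which
    # expands to a different but equally well-formed set of passwords.
    seed = _xor(vault["blob"], _key(master, vault["salt"]))
    return {site: _site_password(seed, site) for site in SITES}


if __name__ == "__main__":
    vault = create_vault("correct horse battery staple")
    print("real :", open_vault(vault, "correct horse battery staple"))
    print("decoy:", open_vault(vault, "123456"))
```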