Master Password Reviews

Good idea, lacklustre implementation; use LessPass instead.

about Master Password and KeePassXC, Less Pass, bitwarden · · Helpful Not helpful 3 Helpful

Password managers come in different types:

  1. Those that locally encrypt/decrypt a database of login and password data and sync the encrypted version to the cloud
  2. Those that store a library locally only and let you worry about how to sync it
  3. Those that remember nothing and generate login and password info based on a particular algorithm and a master password.

For type 1, I recommend Bitwarden because it is open source, free and unlike LastPass, 1Password and Dashlane, it encrypts website addresses. This means Bitwarden's developers cannot see which sites you login to and when, whereas LastPass can, and can use this information to profile you.

For type 2, I recommend KeepassXC. It's open source, free, and compatible with the very widely used .kdbx format used by KeePass, KeePassX, KeeWeb, MacPass and others. It also can be used with the PassIFox plugin to achieve browser integration, making it a formidable, cheaper and more private LastPass alternative. It is also truly cross-platform, so the Windows, Mac and Linux experience is the same (not so for KeePass).

For type 3, I do not recommend MasterPassword. It's a mess. It has a Mac-native app which feels different to the Java one recommended for other platforms. It's also quite poorly designed in layout, and it's not clear what it stores and where. For example, you can save login information, but little information is given about this. Also, it has no browser integration or counter to change iterations of passwords. The comment underneath about it being a dumb idea is actually correct: there is no obvious way to change passwords. I recommend that if you're looking for this type of password manager, you should try LessPass (with an a). LessPass is free, open source, and plugs into your browser or comes as a mobile app. It's well laid out and has a clear counter so you can iteratively switch your passwords up if you need to change them. This is still less convenient than password managers of type 1 and 2 above, and less functional. But it doesn't store a centralized password database that could be stolen or brute-forced. On the other hand, sadly, all password managers of type 3, LessPass included, use the clipboard to transfer passwords to webpages, which is not the most secure option, and very unprivate on Windows and possibly Mac.

[Edited by JohnFastman, June 26]


One of the greatest softwares of all time

about Master Password · · Helpful Not helpful -1 Helpful

If you like command line interface, you will love M. Password indefinitely. It's one of the few softwares I must install into every device I use. It's totally free and open-source and it has supports for a variety of platforms like iOS, Android, Mac, Linux, and more. But why using GUI? Just pipe the result of mpw (Master Password command) into pbcopy and you don't have to sync, or remember any of your passwords, while you can maximize your security level only vulnerable in unimaginable situations. It's one of the few open source softwares I use everyday and I'm willing to pay for it if its developer comes up with a premium offering. Thanks much.


A dumb idea

about Master Password · · Helpful Not helpful -3 Helpful

For this program to work as advertised, it must logically be subject to the following two serious limitations:

  1. You can never change your master password.
  2. You can never change your other passwords.

It's a neat idea for a password manager, but totally impractical.