Cons of using a Stateless password manager

Jun 17, 2020 by Kolappan N

They are password managers that generate password based on certain values. For example, they will generate password using your email, website / app name and a secret phrase. The idea being that you will only need to remember a single secret phrase and the passwords need not to be stored anywhere.

When I was starting to use a password manager I tried a few of them. These Stateless password managers are really not that much usable. Here is why

1. All passwords are linked

All the passwords in the password manager are linked to the master password or secret. This causes a lot of problems including

2. Deterministic password generators cannot accommodate varying password policies.

Some sites will need mandatory symbols with passwords but some sites do not allow symbols in passwords. Some websites like Payback support only numeric PIN. Users either need to tweak the generated password or change settings. In either case, they need to keep the tweak or settings in memory which is not good.

This will also become the case if a website forces you to change password. Consider a website which requires changing password every 90 days. You will name the website like website, website1, website2, etc… in order to avoid changing the password for all sites. Now you will have to remember which number you are on.

3. Password managers provide additional options

A key difference between using a stateless password manager and a password manager is that password managers can store additional data such as