Comment by SloopJon

21 hours ago

I found the idea of a password generator appealing, mainly due to vault anxiety. I didn't (and still don't) like the idea that I can't access a resource without this precious vault. If I'm home with my tools, great. Otherwise, give me the right hash function, and I can MacGyver my way to PBKDF2 and generate my password.

However, once you introduce metadata (e.g., to deal with password rules), the idea loses most of its appeal. I wouldn't feel any more comfortable posting such a thing publicly than I would a vault.

The metadata doesn’t bother me at all. Anyone who wants to can read that I have a Seattle City Light account, that its password is v6, and that the password rules say it can have all alphanumeric characters and must have at least one of a weirdly narrow set of “special” characters. That information alone isn’t enough to get anywhere.

What could be considered more sensitive, if you cared, is usernames. Someone looking at my metadata would learn my hn username, for example. But I don’t really consider that “secret” info.
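
The kind of generator this thread discusses, sketched as an added example (not code from either commenter or from any particular tool): a password derived with PBKDF2 from a master secret plus a public metadata record holding the site, username, version counter and password rules. The field names, the sample record, the iteration count and the special-character set are all assumptions made for illustration.

```python
import hashlib

ALNUM = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

# Constructed metadata record (hypothetical field names and values).
# Nothing in it is secret: it only selects *which* password gets derived.
SAMPLE_META = {
    "site": "example.org",
    "username": "alice",
    "version": 6,        # bumped whenever the site forces a password change
    "length": 16,
    "special": "!@#$",   # the site's required "special" characters
}


def derive_password(master: str, meta: dict, iterations: int = 200_000) -> str:
    """Deterministically derive a site password from a master secret.

    The metadata is used as the PBKDF2 salt, so changing the site, the
    username or the version yields an unrelated password, while the
    master secret remains the only secret input.
    """
    salt = "{site}:{username}:v{version}".format(**meta).encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                              iterations, dklen=64)
    # Treat the 512-bit output as one big integer and peel off indices
    # with divmod; with this much surplus entropy the modulo bias is
    # negligible for a 16-character password.
    n = int.from_bytes(raw, "big")
    alphabet = ALNUM + meta["special"]
    chars = []
    for _ in range(meta["length"] - 1):
        n, i = divmod(n, len(alphabet))
        chars.append(alphabet[i])
    # Satisfy the "at least one special character" rule: pick one special
    # character and a position for it, both derived from the same integer.
    n, i = divmod(n, len(meta["special"]))
    n, pos = divmod(n, meta["length"])
    chars.insert(pos, meta["special"][i])
    return "".join(chars)


if __name__ == "__main__":
    print(derive_password("correct horse battery staple", SAMPLE_META))
```

Because the metadata only salts the derivation, publishing it leaves an attacker with an offline guessing problem against the master secret, so the strength of that secret and the PBKDF2 iteration count carry the whole scheme.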