-
Notifications
You must be signed in to change notification settings - Fork 3
Help and FAQ
Obliviate is a different kind of password manager: one that does not store your passwords anywhere.
Instead, your passwords are derived using the name of a site (for example, “github”) and a super-secret cipher key that only you know about. For a given pair of site name and cipher key, Obliviate will always derive the same password.
Go to obliviate.app. It uses the same algorithm and will therefore give you the same passwords as the desktop version.
Yes, you usually want to stick to one cipher key, so that you can have different passwords for each site while still having to remember only one thing. It can act like a master password of sorts.
While you only have to remember one string of characters, the generated passwords will all be different per site. Even if one of them gets compromised, and attacker cannot use it on other sites.
If you change either your cipher key or the site name provided to Obliviate, you will receive a new password. Ideally, you want to change the cipher key rather than the site name, because the site name is easier to guess in case someone knows your cipher key.
Since it is not stored anywhere except your brain, it is unlikely to get compromised unless you share it with someone.
However, if an attacker knows one of your passwords and also knows that you use Obliviate, they can attempt to find your cipher key by brute force. To make such attempts fail, choose a strong cipher key.
- Keep it long.
- Do not use just dictionary words or names of people, pets or places close to you.
- Use uncommon characters: special characters, diacritics, emoji—virtually any valid Unicode character.