Master password: what is it and do I need one?

Many people refer to a master password as the "master key" to unlock a user's password manager. But there is also Maarten Billemont's Master Password algorithm, a technology intended to replace conventional password managers.

This article will explain both concepts, why you need a password manager, and how to protect your credentials from cybercriminals.

TeamPassword is a secure password manager for sharing credentials with employees, freelancers, clients, and contractors. Sign up for a 14-day free trial to guard your company's credentials against cyberattacks.

‏‏‎ ‎

What is a Master Password?

If you're using a password manager, then technically, you only need to remember one set of credentials—the master password to log into your password manager.

For example, TeamPassword stores your credentials and then logs you into your accounts using one of our browser extensions (Chrome, Firefox, Safari)—similar to saving passwords in Chrome and other browsers.

Once you're logged into TeamPassword using your master password, the password manager does the rest. You never have to remember your credentials.

‏‏‎ ‎

What is the Master Password Algorithm?

Maarten Billemont designed the Master Password algorithm in 2012 as an alternative for traditional password management tools. Instead of storing passwords, the Password Manager algorithm recreates users' credentials each time they log in.

The idea behind Master Password is that if you don't store credentials, then criminals can't steal your passwords if they hack your network or device.

For Master Password to be effective, you must turn off device and browser password-saving features, so your credentials are never stored anywhere.

It's important to note that Master Password is currently undergoing an overhaul and will be switching to a revised version (Spectre), which is currently in beta testing.

‏‏‎ ‎

How Does the Master Password Algorithm Work?

The Master Password algorithm works a little like a calculator. You enter a series of parameters (including your name, master password, and site/app you're logging into), and Master Password calculates your password.

The Master Password app also takes a counter, which starts at 1 by default. The counter allows you to change your password. Every time you change a password, the counter increments by 1. 

For example, you create a password for Instagram; the initial counter is 1 when you reset your Instagram password, the counter changes to 2.

You copy/paste the password into the password field for the login form, and you're done! The process works the same for creating passwords and logging into accounts.

The only parameter you need to memorize to calculate a password is your master password. Everyone should know their name, and the account is easy to remember because it appears in the address bar or app header.

‏‏‎ ‎

Master Password Algorithm Example

Here is an example for creating or logging into a Facebook account for John Doe using the Master Password algorithm.

  • Name: John Doe
  • Master password: secret password phase
  • Account: facebook.com
  • Counter: 1

You enter these three parameters, and the Master Password app produces a password: tX0!tX7~qZ3!vO. Every time you enter those same parameters, Master Password will create the exact same password.

John Doe x secret password phrase x facebook.com x 1 = tX0!tX7~qZ3!vO

Rather than storing your password, Master Password calculates a result based on the parameters you enter. The master password always stays the same; only the name and account parameters change.

If you need to change your password, you increment the counter, and Master Password creates a new unique password. 

Password change example for the same Facebook account:

  • Name: John Doe
  • Master password: secret password phase
  • Account: facebook.com
  • Counter: 2

John Doe x secret password phrase x facebook.com x 2 = hS7}oD3:pO8^uI

For future logins, you have to remember your counter is 2 and no longer 1. The counter is the Master Password's biggest flaw! It can be difficult for people who have many accounts to remember what counter you're on for each one.

For example, your Twitter account might be on 4, Facebook on 7, Instagram on 1, and LinkedIn on 3. Keeping track of your counters could get overwhelming and confusing.

A user asked this question on Master Password's community, and the answer was: "To recover a lost non-default counter, just increment the counter and try the password on the site until you succeed."

The problem with this solution is that most websites and applications block your account after a certain number of failed attempts to prevent brute force attacks.

‏‏‎ ‎

What Apps Apply the Master Password Algorithm?

Maarten Billemont has made the Master Password algorithm free under the GPLv3 license. Meaning, anyone can run, study, share and modify the code. So, there are possibly many individuals and businesses using the technology privately.

There are two commercially available Master Password algorithm apps:

  • Master Password
  • Spectre

‏‏‎ ‎

Pros and Cons of Master Password Algorithm & Who is it For?

Pros of Master Password algorithm:

  • There is zero chance of criminals stealing account credentials from your device, including if your device is lost or stolen
  • You only need one master password
  • The code is free to use so that anyone can develop a Master Password app
  • You create unique passwords for every account

Cons of Master Password algorithm:

  • The Master Password only works for personal use. No way to share credentials with coworkers
  • Recalling passwords is slow—you have to open Master Password separately, enter the parameters, and then copy/paste the password.
  • Changing passwords means you have to change your counter. If you have lots of accounts (which most people do), you have to remember the counter for each one. If your accounts are all on a different counter, things can get very confusing. The only solution is to reset your password, resulting in another counter increment to remember!
  • If someone manages to steal your master password—through a spear-phishing attack, scam, or other means, they can download Master Password and calculate your passwords.

With these pros and cons in mind, using Master Password-based apps makes sense for personal use or companies that don't share the same credentials.

Even then, Master Password's counter flaw can create issues that could lead to time wasted figuring out which counter you're on or resetting passwords.

‏‏‎ ‎

TeamPassword: A Better Password Management Solution

TeamPassword is a robust password management solution for teams to share credentials securely. Passwords are hashed, salted, and encrypted locally on your computer and then transmitted via an encrypted connection to the TeamPassword server.

This password storage method means you can never preview passwords (prevents unauthorized sharing), and not even TeamPassword can retrieve your credentials.

TeamPassword is a secure hosting provider with multiple security accreditations and uses state-of-the-art encryption technology.

Secure and Easy Credential Sharing

Unlike Master Password, TeamPassword lets you share credentials with employees, freelancers, and clients. 

Here's how easy it is to share passwords in TeamPassword:

  1. Create a TeamPassword account for your business—we offer a 14-day free trial ;)
  2. Add your passwords to TeamPassword—we recommend resetting your passwords when moving to TeamPassword using our built-in secure password generator.
  3. Provide each team member with a TeamPassword login
  4. Create groups for your various accounts and add only the team members who need access—for example, a "Social Media Group" will have all your social media accounts, and only the social media or marketing team will have access
  5. Revoke access for any team member with a single click—no need to change passwords when someone leaves

If you need to change a password, simply use the built-in password generator, and TeamPassword automatically updates the new credentials for all users. No need to inform anyone or share the new password.

Features to Prevent Breaches

Each team member can protect their TeamPassword account with two-factor authentication (2FA)—we use Google Authenticator available on iOS and Android.

With 2FA, even if attackers steal a team member's TeamPassword credentials, they can't log in without the second authentication step.

In the unlikely event that someone does breach your TeamPassword account, attackers have no way to preview or export your company's stored credentials.

Keeping Track of TeamPassword Activity

Another feature Master Password lacks is an activity tracking and email notifications—crucial for reacting fast to suspicious activity!

TeamPassword's activity log keeps track of every action, including logins, sharing, password resets, new team members, and more. You can also set up email notifications for TeamPassword actions for instant alerts.

‏‏‎ ‎

More Master Password Alternatives

At TeamPassword, we're confident that we have the most secure and user-friendly password manager, so we don't mind sharing some of our competitors.

  • 1Password - An effective password management solution for personal use. Lacks features to use for businesses and teams.
  • LastPass - Another effective password manager for individual use. Not very user-friendly—if you're not tech-savvy, LastPass can be difficult to learn.
  • DashLane is one of the most popular password managers for personal and family use and one of the most expensive. Each paid plan has limits, forcing you to upgrade as your accounts/passwords increase.

TeamPassword has no limits on the number of passwords or accounts you can store!

‏‏‎ ‎

Try TeamPassword for Free

The only master password you need is for your TeamPassword account!

Test our Groups and Sharing feature with your team members to experience the convenience of secure password sharing with TeamPassword. Sign up for a 14-day free trial today!