Imagine a world where you only need to enter your master password on any site to generate the appropriate password. No more options to change.
It’s not that cool?
When I’m using LessPass to generate a password for my bank account, I need to remember the specific password rule associated with it. Every time I generate a password I’m associating a URL with default password rules or specific rules. This specific rule is the same for every users generating a password for this bank.
Every day, thousands of people are configuring custom rules for services they want to use. It’s time to leverage this information to improve user experience.
Community profiles
Create custom password rules for every sites is not feasible. But as a community we can create some common password rules together. See how ad blockers are working.
Immediate future
I’m going to update LessPass web extension, mobile application and web component to send anonymous data to LessPass server. Restricted to the base domain name, site and the options used to generate a password. You will have the possibility to opt out. I will create and update existing policies.
And then
Depending on the feedback, we will explore different ways to operate the information we get. Here are some ideas I have when I write those lines:
* Hall of Shame: sites with specific rules are dangerous and encourage weak password strategies. We need to put those bad practices in the spotlight in order to pressure those sites to change their password rules.
* Auto completion for the site field. Imagine with enough data, we will be able to propose auto completion in the site field. Mobile app and web extension will work the same.
* Big data leak for a web site? We will inform you that a breach occurred and will increase the counter for example. See haveibeenpwned.com to see how many data leaks occurs per month.
Why
I’m making this pivot now because a lot of users raised user experience issues. I want to explore another strategies and improve LessPass. I want to experiment, try and fail or succeed.
I hope you’re excited about the future of LessPass, and I hope we can push the limits of the stateless password managers!
