So you have been researching password managers and you have discovered that all password manager apps require you to remember a "Master Password". This probably makes you wonder, "but aren't I using a password manager so I don't have to remember my passwords anymore?"
Great question! We will discuss what a master password is, why it is used, and why Stash does not require one.
What is a Master Password?
The simplest explanation of what a master password is can be fondly pulled from the great movie series Lord of the Rings:
One password to rule them all!
Passwords are your access points to your digital accounts. They typically either restrict access to your account or they are used to encrypt the data in your account.
When it comes to a password manager app, the data you are storing in the app is your list of passwords. It is very important that ONLY you can access them because you are putting all your eggs in one basket, so to speak.
A master password is a password used to control access to your list of passwords.
Why are Master Passwords used?
To understand why master passwords are used, you do need to understand a bit of the history of how password managers came to be what they are today.
In the early days of using digital accounts, a person could remember a few passwords fairly easily and would reuse the best ones they felt would be hard to figure out. But as the number of digital accounts grew, we quickly reached our limit of how many passwords we could remember so we were either forced to reuse our passwords more or start keeping track of them another way.
Paper and pen have long been a popular way of tracking passwords, but this method quickly became tedious when the number of passwords grew into the hundreds. A lot of time became wasted looking up passwords and creating new ones, which grew frustrating. And what happens if you lose your paper or someone steals it?
The tech savvy person recognized that computers are designed to perform our most tedious tasks and they are good at it. So people started keeping track of their list of passwords in text files and spreadsheets on their computers. This was great! Looking up passwords and changing passwords was much quicker, and a computer was much harder to steal or lose than a paper notebook. But what if you need to travel? Or what if you need to use a different computer?
This is when cloud storage came to save the day, or so we thought. By storing your list of hundreds of passwords in cloud storage, you could then access them from any computer connected to the internet. Amazing! And how do we restrict access to accounts on the internet? Well, with a password of course. Thus the master password was born.
So what is the problem with a Master Password?
Nothing really per se. A master password is just another password. But doesn't that then beg the question,
Isn't that just solving the problem with the problem?
It is a good question. The reason you are looking for a password manager is that there are too many companies that require online accounts and they have proven they cannot keep your information safe. This means you cannot reuse any passwords between accounts because if one gets hacked the rest can be hacked as well. As a result, you are left with keeping track of hundreds of passwords.
So then does it make sense to use another online company as a password manager to keep all of your passwords in cloud storage and hope they are the one online company that can protect your data?
We didn't think so, so we created Stash.
Does Stash require a Master Password?
No. There is no need. Your list of encrypted passwords is stored in one physical location controlled by you; either on your phone directly or on your Stash card. Literally in your hands. You typically carry your phone with you wherever you go, so your passwords are always at your fingertips whenever you need them.
But don't you have to have a password to encrypt your passwords for storage? It is a good question, but no. Your phone essentially becomes an encryption key for you.
Stash users love the convenience of simply opening up their phone to look up a password without having to remember any extra passwords or being forced to sign in multiple times to find it.