{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreid3bna6o2k62evns4uxd4y4ttekn2rjhg77gna6gkqsf47vfu6q3a",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mlizdgzcq652"
  },
  "path": "/t/master-password-backup/37745#post_14",
  "publishedAt": "2026-05-10T13:14:11.000Z",
  "site": "https://discuss.privacyguides.net",
  "textContent": "ignoramous:\n\n> It is fine the way password managers vend them out, with sufficient _entropy_.\n\nI think the issue is just that you can’t really measure entropy of a non-random password. Cryptographic entropy is a property of the mechanism by which the password was generated, not the password itself. That’s why a passphrase of x characters has less entropy than a password with x characters. If someone creates a password that’s just their name any entropy estimate will be inaccurate. You need a secure random method of generation for any entropy estimates to be accurate.\n\nignoramous:\n\n> Password managers better have “escrow” mechanisms and not be reliant on a single knowledge factor…\n\nYeah, but that makes them use a combination of factors, they don’t purely use a possession factor either. Maybe I misunderstood your point though and you were saying that they _involve_ a possession factor rather than _just_ a knowledge factor? Which yeah I agree with in the case of offline password managers to some extent, although in all cases I think they are designed so that the security model doesn’t rely at all on the possession factor of the vault itself.",
  "title": "Master Password Backup"
}