Master Password Backup

ignoramous:

lyricism:

I would hope people who are privacy and security conscious would use a secure random method to generate their master passwords

Don’t think there’s consensus on whether passwords must be “securely random”

Aren’t generatours like that of KeePass random?

ignoramous:

There’s nothing about “writing it down” that’s a single point of failure. You can write (the escrow keys, not the password) those down twice and store it in two separate safe locations (like in a safe/hardware-vault). Break the (ideally, 32 byte uniformly random; 64 hex chars) escrow keys into 4 parts (of 8 bytes; 16 characters each) and store it in 8 different locations. Not saying these are what I’d do… I’d simply write down the escrow keys once, and put in a safe. Rotate (invalidate the previous escrow key for a new one) the escrow key (or the seed that generates multiple escrow keys) every once in a long while, if the scheme supports it.

This sounds way to complicated and error prone.

And why not the real password, what is the difference with escrow keys?