6 Pros and Cons of Spectre, the Passwordless Password Manager

Remembering passwords is hard, and entrusting the keys to your digital life to a third party is a risky proposition. That’s where Spectre comes in: a password manager which doesn’t store your passwords. So what is Spectre? And what are the benefits and drawbacks of using it for your logins?


Despite efforts to move towards a future of passwordless identity verification, passwords are still very much necessary and widely used in today’s world. Most people use passwords to access their bank accounts, email, online payment portals, and more.

So how strong are your passwords? The strongest are difficult to remember, and if you use the same password for more than one account, then all of those accounts are at risk when one of the services you use is compromised.

One solution is to use an online password management service, which keeps all of your passwords stored securely in an encrypted vault. But even this approach isn’t foolproof, as we saw with the 2022 LastPass data breach, in which criminals managed to download both user vaults and the corresponding encryption keys.

Spectre, then, is an open source app available through the web and on mobile devices which generates unique passwords based on the information you give it.

This information includes your full name, a “Spectre Secret” (similar to a master password), and the URL of the service you’re going to use.

You can plug this information into any Spectre instance and regenerate the same password—simple! But there are advantages and disadvantages to this approach.

Pro: You Don’t Need to Remember Your Own Passwords

Any technology which means you don’t need to remember hundreds of different strong passwords has to be a good thing.

By using different passwords on different sites, you ensure that if the password you use on one site is revealed, the rest of your logins are still safe.

In practice, this isn’t possible without writing the passwords down in a notebook, storing them in a text or CSV (comma separated value) file on your PC and phone, or relying on someone else to store them for you.

If you can depend on Spectre’s algorithm to reliably regenerate your passwords on demand, you only need to remember your Spectre Secret.

Pro: No One Can Steal Your Passwords From a Vault

The LastPass data breach was devastating to those affected, and couldn’t have occurred if all the passwords weren’t stored in vaults.

As Spectre doesn’t actually keep your passwords, there’s nothing for criminals to download.

Pro: You Can Access Your Passwords on Any Device

Spectre is currently only available as a native app on iOS—although clients are being developed for macOS, Windows, Linux, Android, and as an API. You can also download the source code from GitLab and compile it yourself.

You can use Spectre on any device with the embedded tool on the Spectre website. This means that as long as you have an internet connection, you can generate and regenerate your passwords wherever you are, or on anyone’s computer.

Con: Changing Your Master Password Is an Admin Nightmare

For your master password, or Spectre Secret, Spectre gives an example of three words, which, together with your name and the site domain name, will generate a unique password.

But your name is easy enough to come by, and there are certain services almost everyone uses.

What if someone learns your master password? Maybe you’ve used the names of your last three pets, your siblings, your children or something else that is easy to guess. An attacker can use your Spectre secret to regenerate the passwords for every single one of your online accounts.

You’ll need to think up a new secret, and use it to generate new passwords for every one of those accounts, visit them in turn, and manually set the new password.

In contrast, if you change your master password with a password management service, you don’t need to change any other passwords.

Con: It’s Possible to Crack the Master Password

Eventually, one of the sites for which you generated a password with Spectre will suffer a data breach. Your email address, full name, and password will be exposed to the world.

If you want to see if your credentials have already been leaked, Haveibeenpwned is a trustworthy and reliable resource.

As you’ll recall, your now-compromised password is generated from your name, your Spectre secret, and the website URL. The example secret phrase used by Spectre is “banana colored duckling”. All three of those words are found in this list of 25,000 popular words.

As of 2019, a single device running a mid-range graphics card could guess at 100 billion passwords per second.

The total number of three-word secrets you can generate from the 25,000-word list is 15 trillion 625 billion.

Running through these sequentially, combined with your known name and the site URL, then comparing the output to the stolen site password, it should take no longer than three minutes to reveal your Spectre secret. This is largely because you can run Spectre offline in a terminal, and incorporate it into other command line apps.

With your Spectre secret uncovered, attackers can quickly work out passwords for other sites you use.

Adding a single extra word to your Spectre Secret will potentially raise the cracking time to over a month, while adding two could see your Secret remaining safe for three millennia.

But “banana colored duckling groundhog piano” isn’t quite so easy to memorize or recall, and is tedious to type.
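The figures in this section follow from the size of the word list and the quoted guess rate. The estimator below is an added example, not part of the original article or of Spectre; it takes the article's 25,000-word list and 100 billion guesses per second as defaults, assumes words are chosen uniformly at random, and generalizes to any word count or measured guess rate.

```python
import math

WORDLIST_SIZE = 25_000          # word list size quoted in the article
GUESSES_PER_SECOND = 100e9      # the article's 2019 single-GPU figure
YEAR = 365.25 * 86_400          # seconds in a year


def keyspace(words: int, wordlist_size: int = WORDLIST_SIZE) -> int:
    """Number of ordered secrets of `words` words drawn from the list."""
    return wordlist_size ** words


def entropy_bits(words: int, wordlist_size: int = WORDLIST_SIZE) -> float:
    """Entropy if every word is picked uniformly at random from the list."""
    return words * math.log2(wordlist_size)


def seconds_to_exhaust(words: int, rate: float = GUESSES_PER_SECOND,
                       wordlist_size: int = WORDLIST_SIZE) -> float:
    """Worst case: time to try every secret at `rate` guesses per second."""
    return keyspace(words, wordlist_size) / rate


def words_needed(target_seconds: float, rate: float = GUESSES_PER_SECOND,
                 wordlist_size: int = WORDLIST_SIZE) -> int:
    """Smallest word count whose full keyspace takes at least target_seconds."""
    words = 1
    while seconds_to_exhaust(words, rate, wordlist_size) < target_seconds:
        words += 1
    return words


if __name__ == "__main__":
    for n in range(3, 7):
        secs = seconds_to_exhaust(n)
        print(f"{n} words  {entropy_bits(n):5.1f} bits  "
              f"{secs:.3g} s = {secs / 86_400:.3g} days = {secs / YEAR:.3g} years")
    print("words for a 100-year worst case:", words_needed(100 * YEAR))
```

The rate is an input: substitute a figure measured for the derivation function actually in use, and a smaller list if the words come from a predictable set such as pet or family names.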

Con: Website URL Changes Can Ruin Your Passwords

You feed the website URL into Spectre, and it uses that URL as part of the password generation process. Typically, you’d do this by copying and pasting whatever’s in the URL bar right now.

Website structures change as owners and admins look for better and more efficient ways of doing things. Subdomains eventually merge with the main site, and login pages move.

For example, “news.bbc.co.uk” used to be its own discrete website; now it redirects to “www.bbc.co.uk/news”.

With a traditional password manager, you could carry out a wildcard search for your credentials. With Spectre, you need to remember the exact URL you used to use before the URL changed.
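The sketch below shows why a password derived from name, secret, and URL can be regenerated anywhere, and why a changed URL string silently produces a different password. It is an added illustration, not Spectre's algorithm or code from the article: the scrypt parameters, salt prefix, alphabet, and length are assumptions, and the name "Alex Example" is constructed.

```python
import hashlib
import hmac
import string

# Illustrative output format; Spectre's own password templates differ.
ALPHABET = string.ascii_letters + string.digits
LENGTH = 20


def user_key(full_name: str, secret: str) -> bytes:
    """Stretch the secret once per user, salted with the user's name."""
    return hashlib.scrypt(
        secret.encode("utf-8"),
        salt=b"derived-pw-example:" + full_name.encode("utf-8"),
        n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32,
    )


def site_password(key: bytes, site: str) -> str:
    """Map HMAC(key, site) onto ALPHABET; the site string is used verbatim."""
    limit = 256 - 256 % len(ALPHABET)  # reject bytes that would bias the modulo
    chars, counter = [], 0
    while len(chars) < LENGTH:
        msg = f"{counter}:{site}".encode("utf-8")
        for b in hmac.new(key, msg, hashlib.sha256).digest():
            if b < limit and len(chars) < LENGTH:
                chars.append(ALPHABET[b % len(ALPHABET)])
        counter += 1
    return "".join(chars)


def demo() -> dict:
    # Constructed inputs: the name is made up, the secret is the article's example.
    key = user_key("Alex Example", "banana colored duckling")
    return {
        "old": site_password(key, "news.bbc.co.uk"),
        "old_again": site_password(key, "news.bbc.co.uk"),
        "new": site_password(key, "www.bbc.co.uk/news"),
    }


if __name__ == "__main__":
    for label, password in demo().items():
        print(f"{label:10} {password}")
```

Nothing is stored between runs, so the only way back to the old password is to supply the old site string exactly; keeping a record of the site names you used avoids the lockout described above.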

Staying Safe Online Is Difficult

Spectre is just one of the ways you can attempt to keep your passwords safe and out of the hands of criminals.

But strong passwords are only one part of the solution. There are a number of free online security tools you can easily use to boost your security.
