I like the simplicity, but I think one concern is that if a site is breached, an attacker can bruteforce master pwd offline very efficiently (because they know url). Maybe use PBKDF2 or HMAC with very strong local secret to make bruteforce untenable?
Replying to @taviso @a_profligate
The concern would be an attacker might be able to derive the password for other sites from one breached password.
8:17 AM - 21 Jun 2018
0 replies
0 retweets
2 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.