I made one of these once and stopped using it for some of the same reasons folks have in the comments:
- losing the master is catastrophic
- sign ins with dumb password rules meant I had to sync metadata
- a bad actor knowing my resulting password, their site, my username, and potentially my password version meant in theory they could brute force offline and see if they could infer my master
- I had to do silly things to use my passwords on not-my-device
- getting my password on not-my-device felt extremely dangerous
Bastion has the same failure model as a hardware wallet or SSH private key. If you want recoverability, you accept third-party trust. Bastion refuses that trade.
E2EE with a high entropy key as is the case with 1P will save you in the case of a compromise of your vaults stored externally and don't have weird limitations on what your passwords can be.
Bastion does not treat the master as a “password.” It is a cryptographic root secret equivalent to a 256-bit key. If you downgrade it to a human-memorable string, you are violating the security model. Argon2id + 210k PBKDF2 rounds + rejection sampling makes brute force economically brutal
Most prior attempts reduce to hash(master || site). Bastion treats password generation as a cryptographic protocol with explicit invariants, not a convenience function.
An important note is
Hashing ≠ memory-hard
Hashing ≠ unbiased sampling
Hashing ≠ domain separation
Hashing ≠ rotation without storage
FYI: Bastion assumes a trusted local execution environment and a strong master secret. It does not defend against a compromised OS or browser runtime. The system trades convenience (sync, cloud recovery) for deterministic, stateless, and cryptographically verifiable password generation.
- losing the master is catastrophic - sign ins with dumb password rules meant I had to sync metadata - a bad actor knowing my resulting password, their site, my username, and potentially my password version meant in theory they could brute force offline and see if they could infer my master - I had to do silly things to use my passwords on not-my-device - getting my password on not-my-device felt extremely dangerous
Also sync'ing is handy for multi-device setup.
It seems particularly important since this doesn't defend against compromised local environment.
An important note is Hashing ≠ memory-hard Hashing ≠ unbiased sampling Hashing ≠ domain separation Hashing ≠ rotation without storage