While password managers are a vital tool for internet security, they can also create a massive central point of failure, as evidenced by several major recent data breaches. For over 20 years, deterministic password generators (DPGs) have been proposed, and largely rejected, as a viable alternative to password management tools. In this paper, we survey 45 existing DPGs to assess the main security, privacy, and usability issues hindering their adoption. We then present a new multi-factor deterministic password generator (MFDPG) design that aims to address these shortcomings. The result not only achieves strong, practical password management with zero credential storage, but also effectively serves as a progressive client-side upgrade of weak password-only websites to strong multi-factor authentication.
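To make the idea of a multi-factor deterministic generator concrete, the following is an added illustration, not the paper's MFDPG design nor any surveyed tool: a memorised master password is stretched with scrypt, mixed with a second-factor secret (assumed to live on a hardware token), and then expanded per site label so that no credential is ever stored. The character policy, the `mfdpg-v1` salt label, and all function names are assumptions of this example.

```python
import hashlib
import hmac
import string

# Assumed site policy: at least one character from each class (constructed for the example).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*")


def master_key(master_password: str, username: str) -> bytes:
    """Stretch the memorised secret with scrypt. The salt is derived from the
    username so the result is reproducible on any device with no stored state."""
    salt = b"mfdpg-v1:" + username.encode()  # label is an assumption of this example
    return hashlib.scrypt(master_password.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


def combined_key(mk: bytes, second_factor: bytes) -> bytes:
    """HKDF-extract style mix of the stretched password with a second-factor
    secret. Without both inputs nothing useful can be derived, which is what
    makes the generator multi-factor rather than password-only."""
    return hmac.new(second_factor, mk, hashlib.sha256).digest()


def _byte_stream(key: bytes, info: bytes):
    """Deterministic byte stream bound to one site label (HKDF-expand style)."""
    counter = 0
    while True:
        yield from hmac.new(key, info + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1


def site_password(key: bytes, domain: str, generation: int = 0, length: int = 16) -> str:
    """Derive the password for one site. `generation` is bumped when a site
    forces a rotation; the old password never needs to be stored anywhere."""
    stream = _byte_stream(key, f"site:{domain.lower()}:{generation}".encode())
    limit = 256 - (256 % len(ALPHABET))  # rejection sampling avoids modulo bias
    while True:  # deterministic: same inputs always reach the same candidate
        chars = []
        while len(chars) < length:
            b = next(stream)
            if b < limit:
                chars.append(ALPHABET[b % len(ALPHABET)])
        pw = "".join(chars)
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw


def derive(master_password: str, username: str, second_factor: bytes, domain: str, generation: int = 0) -> str:
    """End-to-end derivation: memorised secret + token secret + site label -> password."""
    return site_password(combined_key(master_key(master_password, username), second_factor), domain, generation)
```

Changing any single factor (master password, token secret, username, domain or generation) yields an unrelated password, while the same inputs reproduce the same password on any device.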