I do see the point of adding more entropy, but against what type of attacker is the rotating password an improvement?
It seems to kick the attacker out of getting future database updates after a point-in-time compromise, but do users using a password manager frequently change their passwords stored in it? At least I don't.
It seems to kick the attacker out of getting future database updates after a point-in-time compromise, but do users using a password manager frequently change their passwords stored in it? At least I don't.