Once they capture your master password, it’s game over.<p>How can you be sure your master password is being kept secure?<p>And what happens on those sites where the stateless generated password isn’t accepted by the remote end? Or you are required to change your password after a while and you can’t re-use any old passwords?