he is right in sense encryption or master password means false security you plugged one end but others are open so users believe they are safe when actually they aren't he is wrong, when he says we don't want to plug it because there are other ways to get access, he's right when saying master passwd is not the way to do it, devise newer, safer ways to encrypt, twitter's 2-factor security is a good example. while encryption means machine, master password means high order of error, and locking self out