21 sats \ 3 replies \ @winteryeti 5 Dec \ parent \ on: What password manager do you like and why? tech
To be honest, it comes from experience. Just about every third party tool I've used that stored PW online or had an online connection has been compromised or hacked. Maintaining control of my info myself hasn't failed in two decades. That's not to say it's perfect; it's not, as you pointed out. But that's because I manually engage. Personally, I think relying on tools blindly for protection is being lazy. I have no issue manually referring to my own encrypted database regularly and then, even if I have to copy, immediately copying something else or purging the temporary copy to block stuff sitting in my flash memory or browser memory and being grabbed via a script.
That's interesting. LastPass is the only (once good) service I've heard of being compromised. If it's done right the data at rest and in transit should be safe even if publicly available. Which no one does.
There are crappy password managers but ones like Bitwarden have a big juicy target on them and haven't been compromised.
Whatever works for you, but most people are more likely to lose, expose, or reuse passwords without a good tool. Most people have crappy passwords they reuse. These people are easy prey. Most people are just fine using Bitwarden or 1Password.
reply
I think relying on tools blindly for protection is being lazy.
Is that what using a password manager is, though? Just a dumb reliance on tools?
Personally I have carefully picked KeePassXC because it suits my situation. I know it in and out, and I have a sound backup regime for it. I'm not some confused cargo cultist who does strange things I don't understand because experts on the internet told me to – and I doubt many such people exist.
reply
Is that what using a password manager is, though? Just a dumb reliance on tools?
It's not. Just using any password manager is dumb. They are not all the same. Open source matters. How tested and used it is matters. Its track record matters. It takes knowledge to evaluate any tool. The more complex the tool the harder that is.
I'm not some confused cargo cultist who does strange things I don't understand because experts on the internet told me to – and I doubt many such people exist.
They are a small minority. The majority don't use anything. They reuse bad passwords and get hacked when a site they use has a breach. They don't use 2FA. They need well-designed tools that don't require a ton of training to use. This attitude I sense is elitist and also poor security / UX.
I do wonder how this file is being encrypted as well. It is possible and not hard to encrypt a file but most people have never heard of PGP let alone use it.
I am not an encryption expert but I know enough to know the right questions to ask and who to listen to. Some of the tools mentioned have been tested by entire teams of security specialists.
I'm all for everyone doing whatever they want to do but tools are good tools when they solve problems. Password managers that are well done do this.
There is a contrarian attitude that I battle in myself. There for sure are cargo cults in tech but password managers are not a cargo cult.
The problems with password managers are adoption and crappy apps. Few people use them. And even fewer are equipped to pick a good one.
Hence passkeys being pushed which actually are making it even more confusing for average people.
reply