Comment by littlecranky67

6 hours ago

It is, if they are encrypted. Without a password manager, I would inevitably have to reuse the same passwords over and over on my hundreds of different accounts. With a password manager, they are auto-generated random gibberish. And yes, even when using 2FA, you should have different passwords for all accounts.

Bitwarden, OnePassword, LastPass, Proton Pass etc. are password managers with dozens of millions of users that agree.

It's not, because the world we live in isn't binary. It's not true that "it's encrypted therefore nothing can go wrong". Putting your password manager online increases the risk of an accident.

And just because millions of people think this is a good idea, doesn't make it a good idea. Millions of people also reuse their passwords and that doesn't make it a good idea either.

  • Of course it is a tradeoff between security and usability. Not putting your passwords online forces you to either remember all passwords (which will lead to re-use) or you will only be able to access your accounts (and thus most of the internet) from your home. Or you will have to come up with an elaborate system for how to carry your passwords on some kind of secured device etc. A password manager (alongside 2FA) is a very good security/usability compromise for a lot of people. YMMV.