
Comment by bjourne

2 months ago

Heard of haveibeenpwned? You'll end up there, eventually.

If you end up, for some reason, being one of those unlucky individuals whose Google account gets banned and all your other accounts are behind Google login, then you truly have been owned.

You mean when using "sign in with" and then using a shitty password for your social media account?

If you use e-mail and password with a good password manager that runs locally on your device and generates good random passwords, it is unlikely you will end up on haveibeenpwned, and even if one website does shit, the blast radius is only one account on one website.

  • You'll still have your e-mail address exposed, which you may not want if it is to some random porn site. Moreover, password managers do not work if you use multiple devices for logging in, which most people actually do.

    • If you decide to visit such awful sites then the least you could do is not use primary email for this.

      I don't think it makes sense to even have a "primary email". I've completely separated work, shopping, banking, gaming etc. mailboxes.

      Also how do password managers not work? Bitwarden syncs instantly across devices just fine.

Risk Bob's Salad Shack leaking an inconsequential, unique credential, or bind everything to the whims and identity of a single organization; hmm.

Ending up on HaveIBeenPwned is only a problem if you reuse passwords.

  • Nope. It is a problem if you reuse email addresses.

    • Are you saying that you reuse the same password everywhere, but a different email address every time, and you feel confident that having your password leaked won't have repercussions?

      I am genuinely confused. Sounds like holding a gun from the wrong end and feeling protected by it.
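The "am I on haveibeenpwned" question raised in this subthread can be answered without handing the password to anyone: the Pwned Passwords range lookup only sends the first five hex characters of the SHA-1, and the client matches the rest locally. The block below is an added example, not code from any commenter; the breach corpus, the stand-in for the range endpoint and the vault contents are constructed so it runs offline, and it also flags password reuse across sites, which is the actual blast-radius problem the thread is arguing about.

```python
import hashlib
from typing import Callable, Dict, List

# Constructed breach corpus standing in for the Pwned Passwords data set
# (made-up counts, offline only).
LEAKED_PASSWORDS = {"password123": 123456, "qwerty": 9876, "letmein": 54321}


def sha1_upper(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def fake_range_api(prefix: str) -> str:
    """Stand-in for GET /range/{prefix}: one 'SUFFIX:COUNT' line per leaked
    hash that starts with the 5-character prefix (the real service only
    ever sees that prefix, never the full hash or the password)."""
    if len(prefix) != 5:
        raise ValueError("range lookups take exactly a 5-hex-char prefix")
    lines = []
    for pw, count in LEAKED_PASSWORDS.items():
        digest = sha1_upper(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def pwned_count(password: str, fetch_range: Callable[[str], str] = fake_range_api) -> int:
    """k-anonymity check: send the prefix, match the suffix on the client."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        cand_suffix, _, count = line.strip().partition(":")
        if cand_suffix.upper() == suffix:
            return int(count)
    return 0


def vault_report(vault: Dict[str, str], fetch_range=fake_range_api) -> Dict[str, List[str]]:
    """Flag reused and breached credentials in a {site: password} vault."""
    sites_by_password: Dict[str, List[str]] = {}
    for site, pw in vault.items():
        sites_by_password.setdefault(pw, []).append(site)
    reused = sorted(s for sites in sites_by_password.values() if len(sites) > 1 for s in sites)
    breached = sorted(site for site, pw in vault.items() if pwned_count(pw, fetch_range) > 0)
    return {"reused": reused, "breached": breached}


if __name__ == "__main__":
    # Constructed vault: one reused, leaked password and one unique, unleaked one.
    demo = {"salad-shack.example": "qwerty", "bank.example": "qwerty",
            "mail.example": "xK9#vR2p!mQ7zL4w"}
    print(vault_report(demo))
```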

Password manager.

Before inevitable "what if your password manager is hacked...," what if your google account is hacked / banned?

  • You don't even need a password manager, browsers autogenerate secure passwords for you, and they sync between computers/mobile devices.

    (I'm saying this from the perspective of "regular people don't want to be inconvenienced like that, obviously you should use an external password manager for security")

  • Agreed. Just wanted to add:

    > Before inevitable "what if your password manager is hacked

    My passwords are encrypted with a security key. I think it is more likely for my computer to get compromised than for my password manager to leak the passwords.

    Admittedly, if I lose all the security keys at the same time, I lose all of my passwords.

Sign-on with the external identity provider doesn't help if data related to your account, like the billing information, your government ID info etc., is released in the breach; that's the sore point.

- Complains about age verification because it is "not private"

- Uses Google SSO to sign in everywhere

People will know that my password was y!2TvM8h3dpvw4 for one particular website at some point. What do I lose here? Google/Apple incurs much greater risk that is entirely out of your control.