I keep seeing people highly recommend them, but I’ve always thought it wasn’t very secure.

  • hahattpro@lemmy.world · ↑1 · 3 days ago

    More secure than writing to your notepad or a text file, for sure.

    If you can, keep your passwords off your computer (best: just remember them, without reusing one everywhere; second best: write them in your notebook, and don’t reuse passwords).

  • panicnow@lemmy.world · ↑3 · 7 days ago

    Remember to think about your backup strategy if you use locally managed password software. I’ve helped (and been unable to help) some non-technical folks who relied on popular magazine/news site articles for software selection without good knowledge of how to properly back up their data.

  • LambdaRX@sh.itjust.works · ↑15 · edited · 8 days ago

    I think they can be much more secure than:

    • remembering your (probably weak) passwords

    • writing passwords on paper, which is slow, you can lose paper, break it, or someone can steal it

    • storing passwords in an unencrypted text file

    • reusing passwords/password!

    I use KeepassXC, which is an offline, encrypted password manager. Every password is stored in one file, which to access, I must enter the one password I do remember. I recommend having backups of this file.

    It has a password generator included, so all my passwords are long, strong and unique. It can also auto-fill password/login, which saves time.

    To increase the security of your account even further, you should also use multi-factor authentication, for example an app which generates one-time codes on your phone offline. It will protect you even if your password gets leaked or cracked.

    • BarqsHasBite@lemmy.world · ↑8 ↓1 · edited · 8 days ago

      If you write it on paper, include the same short word on the end of all your passwords that you don’t write down. Password is Hunter2duck but you only write down Hunter2.

      *Actually this might be a good idea for password managers too. Brb. **I wonder if hackers thought of this too. If so this could be easy to crack if they get past the password manager. Maybe inserting a letter into the password after the nth character would work better.

      • garbagebagel@lemmy.world · ↑2 · 7 days ago

        I write my passwords on paper in code, like my dad taught me to do.

        However, just a personal anecdote, my uncle passed suddenly and he had written all his passwords (not in code) on a spreadsheet with each account, which he then printed. I promise you, this single piece of paper was one of the most helpful things I could’ve asked for in sorting out all of his assets. It was a genuine lifesaver. Now I often think that maybe I should be sharing my password with an S.O. or someone else close to me just to make their life easier if I were to die tomorrow.

  • DeathByBigSad@sh.itjust.works · ↑9 · 7 days ago

    Without password managers: You either have weak passwords, or you constantly forget passwords and get locked out of your accounts.

    Or you can remember the password to your email then use that to reset passwords every time and slam your head on the keyboard to generate a random password that you won’t need to remember because you’ll just reset it next time, but then it’s a hassle and you are relying on one point of failure, and you could get locked out if your email stops working.

    So in conclusion: Password Managers

  • PlzGivHugs@sh.itjust.works · ↑5 · edited · 8 days ago

    To oversimplify:

    Very secure, unique passwords written on paper and stored safely > Local password manager using secure passwords > cloud/synced password manager with secure passwords > anything with insecure passwords.

    The trick is, will you actually maintain these security practices or will you start getting lazy if it’s too inconvenient (such as using a long password, and having to manually type it out)?

  • cecilkorik@lemmy.ca · ↑4 · 8 days ago

    There are weaknesses and attack vectors, but they are in my opinion more secure than almost all realistic alternatives. If you think you’ve come up with a better system, by all means, implement it. I commend your skepticism of following the herd and may it serve you well. But beware of pursuing security through obscurity. People recommend password managers because they are one of the best solutions available for navigating this complex threat environment we live in and they are appropriate for most people’s situations.

  • slazer2au@lemmy.world · ↑2 · 8 days ago

    What makes you think they aren’t secure?

    Most will tell you how the password is stored and assuming they implemented the encryption algorithm correctly it should be rather difficult to break the vault open.

  • 6nk06@sh.itjust.works · ↑2 · 8 days ago

    I’ve always thought it wasn’t very secure

    Why? They are way better than you anyway (to generate random stuff, to recognize URLs, to store data encrypted, etc.)

  • Spaniard@lemmy.world · ↑1 · edited · 8 days ago

    Keepass is as secure as you make it to be. You can use derivatives like keepassXC, but some have had insecure bugs (they still need access to your password db file).

  • Feyd@programming.dev · ↑1 · 8 days ago

    I don’t trust SaaS ones not because I don’t think they’re not doing all due diligence, but because a SaaS password manager is the juiciest of juicy targets and eventually someone will succeed in cracking one.

    I personally use KeepassXC, which is a local password manager. Most of the benefits of a SaaS one with some extra work handling sync and backup yourself.

  • muusemuuse@sh.itjust.works · ↑1 · 7 days ago

    It’s better than using the same few passwords everywhere. Passwords are being phased out though. The future is passkeys.

  • RandomUser@lemmy.world · ↑1 ↓2 · 8 days ago

    I won’t say which manager I use, but I used a ‘tool’ on it which cracked my access password in very little time, revealing all my passwords. A bit worrying.

    Do I still use that manager? Yes, it’s convenient and fits my risk profile.

    Have I upgraded my master password? Yes. Less convenient, but it’s all a trade-off.

    If I was a higher profile target, my assessment may be different.