TE
科技回声
A technology news platform built on Next.js, providing global technology news and discussion.


© 2025 科技回声. All rights reserved.

Ask HN: How do password managers make things better?

18 points by deanebarker, over 3 years ago

If I use a password manager (1Pass, LastPass, etc.), then all my passwords are in one place. There is literally One Password To Rule Them All™.

How is this less dangerous than the alternative?

22 comments

jfax, over 3 years ago

I wasn't sure about password managers for a long time, until I read this article by Troy Hunt, "Humans are Bad at URLs and Fonts Don't Matter": https://www.troyhunt.com/humans-are-bad-at-urls-and-fonts-dont-matter/ - if you give this a skim read you may think this has nothing to do with password managers, but read it to the end.

I won't spoil it, but I will say that everything suddenly clicked in. Password managers solve so many problems at once, including problems we don't intuitively understand. Contrary to other comments here, password managers aren't "a trade off between security and convenience"; security is a process and not a tool, and password managers regiment a very important process of password security for regular people.

Reply #29687892 not loaded
jonplackett, over 3 years ago

It's always a trade off between security and convenience.

The best way I've managed to come up with is to use a password manager but then secure the hell out of it by using hardware keys as a second factor to access it, and only allowing getting around that with a printed out backup key.

This way you have the convenience of all the passwords as you need them on verified devices, but strong security (+ inconvenience) if you want to access them on a new device.

Reply #29685752 not loaded
AkshatM, over 3 years ago

It sounds like you're worried about theft of master password or theft of password database once gathered in one place.

For the former, use auth app-based 2FA against your master password to guard against unwarranted access, preferably using a physical key.

For the latter, review the security protocols your third-party provider specifies for how they protect your data. That should give you confidence about the likelihood of database leakage. If even that doesn't give you confidence, look at keepass where you can control where and how your passwords are stored.

Remember: you always had a password database in one place (your head), you just leaked information about it everywhere because you invested in a mnemonic for easy lookup. With a password manager, you've only increased the number of database accessors by one while guaranteeing significantly less leakage of your mnemonic, which was always the most likely danger.
alecbz, over 3 years ago

For most accounts your email password is already a single point of failure (password reset flow).

Even where that's not true, the tradeoff with a password manager is in strengthening defenses broadly in exchange for a more central point of failure, compared to weak defenses all around but no single point that gives everything away. The idea being that you can remember one really good, high entropy password, vs. having a bunch of weak passwords.

Of course, the theoretical ideal would be having lots of different strong passwords, but that's not how human memory works.

Reply #29685013 not loaded
qudat, over 3 years ago

Not sure how common or secure this is but even inside my password manager, only part of the password is stored there. I have a common password that I add to complete the password.

So even if someone had access to my password manager, the passwords in there are just partials.

Reply #29687688 not loaded
zamalek, over 3 years ago

If you are using truly unique passwords everywhere, then your brain is just fine. Good old paper and pen is a seriously secure password manager, and is the modern recommendation.

The only security feature that password managers bring to the table is eliminating password reuse. Some will monitor for breaches, but you can also do that yourself.

There are also conveniences, which is why I use one.

Reply #29684802 not loaded
mackatsol, over 3 years ago

My pitch to clients is that the Password Manager is a way to consolidate all their passwords into a safe place, which also locks them into their own devices, which also gives them the ability to use unguessable and unique passwords, 2FA in the app.. and makes it *easy* to use and fill in. For some folks I tell them it's kind of like a glorified bookmark app that also fills in passwords. Whatever it takes to switch you over. ;-)

In my case we use 1Password for families .. which means my SO and kids also use it. Good password management from the get go is well worth it. It works on all your devices and automatically syncs across all of them.
HiCaffine, over 3 years ago

Going from my experience with 1Password here.

There are a few ideas. First is, as you mentioned, it's 1 password to remember; the rest can be randomly generated and you don't need to know them.

In the case of 1Password, data is stored encrypted at rest; if the vault's locked it can't be read, well, not easily.

Auto fill helps detect phishing attempts: if the domain is different, 1Password won't auto fill.

It also can detect breaches and store TOTP if that tickles your fancy.

Auto fill is the key point of a good password manager, it makes entering logins trivial. I use biometrics to unlock on all my devices, then it fills in my details for me and away I go.
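The anti-phishing property described in the comment above comes from binding each saved credential to the origin it was saved on and only offering autofill when the current page's origin matches. The following is an added illustration of that check, not 1Password's code: the `Credential` class, the sample vault and all URLs are constructed for the example, and the matching rule (exact host or a subdomain on a label boundary, HTTPS only) is a conservative simplification of what real managers do.

```python
"""Origin check of the kind a password-manager autofill performs (added example)."""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Credential:
    username: str
    saved_url: str  # the page the credential was saved on (constructed for this example)


def _host_matches(saved_host: str, page_host: str) -> bool:
    """True if page_host equals saved_host or is a subdomain of it.

    The comparison is on a label boundary: 'login.example.com' matches a
    credential saved on 'example.com', but 'notexample.com' and
    'accounts-example.com' do not. Comparison is exact on the ASCII host
    string, so confusable lookalike names never match either.
    """
    saved_host = saved_host.lower().rstrip(".")
    page_host = page_host.lower().rstrip(".")
    return page_host == saved_host or page_host.endswith("." + saved_host)


def should_autofill(cred: Credential, page_url: str) -> bool:
    """Decide whether a credential may be filled on page_url."""
    saved = urlsplit(cred.saved_url)
    page = urlsplit(page_url)
    if page.scheme != "https":
        return False  # never hand a password to a plaintext page
    if not saved.hostname or not page.hostname:
        return False
    return _host_matches(saved.hostname, page.hostname)


def candidates(vault, page_url):
    """Usernames the manager would offer to fill on page_url."""
    return [c.username for c in vault if should_autofill(c, page_url)]


# Constructed sample vault.
VAULT = [
    Credential("alice", "https://example.com/login"),
    Credential("bob", "https://bank.example.net/"),
]

if __name__ == "__main__":
    for url in ("https://accounts.example.com/login",
                "https://accounts-example.com/login",  # lookalike: no fill offered
                "http://example.com/login"):            # plaintext: no fill offered
        print(url, "->", candidates(VAULT, url))
```

The user does not have to read the URL correctly; the manager refuses to fill on the lookalike because the host string simply is not the one the credential was saved under. That is the point the Troy Hunt article linked earlier in the thread makes about humans and URLs.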
EricE, over 3 years ago

Biggest advantage is with modern managers like 1Password on Apple operating systems, at least, there is tight integration that makes their use very seamless.

I have just one ridiculous master password that I have memorized (1Password has a great blog post talking about how to use the diceware method to pick a truly random yet fairly easy to memorize master password). With just that one password there is now not a penalty to keep individual, random passwords on all my accounts.

Password managers like 1Password are also integrating google auth support for two factor authentication and again in iOS in particular it's a VERY seamless experience to authenticate with 2 factor. macOS Monterey brought some further integrations but it's still not as seamless as iOS.

And I think that's what's really key - it's not like we all don't know passwords are a pain in the ass. OS vendors need to keep stepping up and making integrations with things like password managers easier until we finally come up with something that can replace them.
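The diceware method mentioned above works because each word is chosen uniformly at random from a fixed list, so the passphrase's strength is known exactly: log2(list size) bits per word. The following added example implements that idea in Python; it is not 1Password's code or the method from its blog post. The eight-word `SAMPLE_WORDS` list is constructed for the example (real Diceware lists have 6^5 = 7776 words, one per roll of five dice), and the standard list size is used only for the arithmetic.

```python
"""Diceware-style passphrase generation and entropy accounting (added example)."""
import math
import secrets

DICEWARE_LIST_SIZE = 6 ** 5  # 7776 words in a standard Diceware list

# Constructed stand-in for a word list. Only its size matters for entropy:
# 8 words give exactly 3 bits per word.
SAMPLE_WORDS = ["amber", "basil", "cider", "delta", "ember", "flint", "gusto", "harbor"]


def passphrase_entropy_bits(list_size: int, n_words: int) -> float:
    """Entropy of n_words drawn uniformly and independently from list_size words.

    There are list_size ** n_words equiprobable passphrases, so the entropy
    is n_words * log2(list_size). This holds only for random selection; a
    phrase the user composes from favourite words is far weaker.
    """
    if list_size < 2 or n_words < 1:
        raise ValueError("need at least two words in the list and one word in the phrase")
    return n_words * math.log2(list_size)


def words_for_target(list_size: int, target_bits: float) -> int:
    """Smallest number of words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words, n_words: int, sep: str = " ") -> str:
    """Pick n_words with the CSPRNG behind secrets.choice, with replacement.

    Drawing with replacement is what keeps the entropy figure above exact;
    rejecting repeated words would lower it slightly.
    """
    if len(set(words)) != len(words):
        raise ValueError("word list must not contain duplicates")
    return sep.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS, 6))
    bits = passphrase_entropy_bits(DICEWARE_LIST_SIZE, 6)
    print(f"6 words from a {DICEWARE_LIST_SIZE}-word list: {bits:.1f} bits")
    print("words needed for 100 bits:", words_for_target(DICEWARE_LIST_SIZE, 100))
```

Six words from the standard list give about 77.5 bits, which is why six-word diceware phrases are the common recommendation for a master password: the strength comes from the random draw, while memorability comes from the words being real words.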
codeptualize, over 3 years ago

Few advantages:

- One password per service, so if a service leaks it, it affects nothing else.

- Super strong passwords: random, long passwords way beyond what I can remember, making them more secure from guessing/brute forcing.

Indeed, if someone gains access to your password manager you are not going to have a good time. So you have to take all necessary precautions like 2FA, and even better hardware security keys, and you have to put trust in the service you use; they should be stored encrypted etc etc.

If it's less dangerous depends on your situation and what you are defending against. For me and I think for most "normal" folks, it's much safer as most risk comes from having bad passwords, reusing passwords, and services leaking your reused passwords.

That's the big question: what is the alternative? In most cases, it's way worse.

Another mitigating factor is that for important services you should enable 2fa anyway. If you keep your 2nd factor out of the pw manager (hardware security keys!) you add another layer.
darthrupert, over 3 years ago

Getting your passwords requires two things: the master password (which should be strong) and the password file. Some pw managers add further factors.

Most people use simple passwords like cat12345. Or they use more complex passwords but share them between sites. Pw manager fixes that.

It's not perfect, but for most of us it's much better than most obvious alternatives.

Reply #29683446 not loaded
thwasd2, over 3 years ago

Well, LastPass is zero-knowledge; even if the databases are leaked, you are safe.

Companies are using these for their convenience (AD based access to passwords, without even knowing the actual pswds). Individuals can also have great benefits as they can shuffle their pswds, get notified about weak pswds, or breaches.

Reply #29683889 not loaded

Reply #29683678 not loaded
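The two comments above (darthrupert's "master password plus password file" and thwasd2's "zero-knowledge") describe the same design: the client derives everything from the master password with a slow key derivation function, and the server holds only material from which the vault key cannot be recovered. The following added example models that split in Python. It is not LastPass's or any vendor's implementation: `VaultServer`, `derive_keys`, the HMAC labels and the placeholder ciphertext are constructed for illustration, and actual vault encryption (which needs an AEAD cipher) is left out so the example runs with the standard library alone.

```python
"""Key split behind a "zero-knowledge" password vault (added example)."""
import hashlib
import hmac
import secrets

# PBKDF2-HMAC-SHA256 iteration count for this example; a commonly recommended figure.
KDF_ITERATIONS = 600_000


def derive_keys(master_password: str, salt: bytes, iterations: int = KDF_ITERATIONS):
    """Return (vault_key, auth_verifier) derived from the master password.

    One slow PBKDF2 call yields a root key. Two cheap HMACs with distinct
    labels split it, so the verifier sent to the server reveals nothing
    about the vault key that stays on the device.
    """
    root = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)
    vault_key = hmac.new(root, b"vault-encryption-key", "sha256").digest()
    auth_verifier = hmac.new(root, b"authentication", "sha256").digest()
    return vault_key, auth_verifier


class VaultServer:
    """What the provider stores per user: salt, hashed verifier, ciphertext."""

    def __init__(self):
        self.records = {}

    def enroll(self, user: str, salt: bytes, auth_verifier: bytes, ciphertext: bytes):
        # Hash the verifier once more so a database dump cannot even replay logins.
        self.records[user] = (salt, hashlib.sha256(auth_verifier).digest(), ciphertext)

    def salt_for(self, user: str) -> bytes:
        return self.records[user][0]

    def login(self, user: str, auth_verifier: bytes):
        """Hand back the ciphertext only if the presented verifier matches."""
        salt, stored, ciphertext = self.records[user]
        if not hmac.compare_digest(hashlib.sha256(auth_verifier).digest(), stored):
            return None
        return ciphertext


def client_enroll(server: VaultServer, user: str, master_password: str) -> bytes:
    """Client side of enrolment; returns the vault key that never leaves the device."""
    salt = secrets.token_bytes(16)
    vault_key, verifier = derive_keys(master_password, salt)
    # Constructed placeholder: a real client would AEAD-encrypt the vault with vault_key here.
    ciphertext = b"<encrypted vault placeholder>"
    server.enroll(user, salt, verifier, ciphertext)
    return vault_key


def client_unlock(server: VaultServer, user: str, master_password: str):
    """Re-derive keys from the master password; None if the server rejects the verifier."""
    salt = server.salt_for(user)
    vault_key, verifier = derive_keys(master_password, salt)
    ciphertext = server.login(user, verifier)
    if ciphertext is None:
        return None
    return vault_key, ciphertext


if __name__ == "__main__":
    srv = VaultServer()
    client_enroll(srv, "alice", "correct horse battery staple")
    print("wrong master:", client_unlock(srv, "alice", "cat12345"))
    print("right master:", client_unlock(srv, "alice", "correct horse battery staple") is not None)
```

The leaked-database scenario follows directly from the code: a dump contains the salt, a hash of the verifier and ciphertext, so recovering a vault means running `derive_keys` once per master-password guess. That cost is what "zero-knowledge" buys, and it is also why the master password has to be strong: against a guess like `cat12345` the slow KDF only delays the attacker, it does not stop them.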
nomorecommas, over 3 years ago

There are more than two alternatives. Each has their own strengths and weaknesses. None are ideal.

    encrypted password vault
    hash-based password generation
    paper-grid password generation
    paper password pocketbooks
    post-it notes on the monitor

Reply #29684571 not loaded
johnwheeler, over 3 years ago

The main alternative is a shared password between sites, so if one of those sites gets hacked, your passwords across many sites are compromised.

The security risk in general is not that your main password is guessed or cracked. It's that a shared password is compromised.
LinuxBender, over 3 years ago

It can be a problem if something can access your password database while it is unlocked or if you have a weak db password. In addition to keeping your system and applications patched and using least privileges and all the other usual best practices, you can also keep the database closed when not using it.

To venture a few theoretical mitigation turtles down, one could keep a string in their head that they type in before pasting the password from their database, meaning that the database only has part of the password. Some might consider that too much friction and some might see that as a fun prank for the password database vendors that theoretically work for intelligence agencies.
fy20, over 3 years ago

I use Bitwarden hosted on my own server at home. The only way to access it from outside is via a VPN. If someone gets access to that, figures out the URL of my Bitwarden instance, then manages to guess my master password, I feel it's fair game to have whatever passwords they want at that point :-)

Remember the alternative for most people is using the same password on every single site. When a password (along with your email) is leaked from one website, then people can gain access to whatever other sites you use the same email/password combination on.
saimiam, over 3 years ago

One side benefit of using a password manager is that your internet usage is truly portable.

This year, I've had to work with different laptops (linux and Macs) and switch my browser up a few times.

I'm so glad I was already moving away from iOS's built in password manager before my old mbp died and I had to replace it with a borrowed linux laptop, which got replaced with my wife's decade old linux laptop, which finally got replaced with an M1 air.

I can't imagine the world of pain if only ios knew my passwords. The above hops would have been impossible!
zaptheimpaler, over 3 years ago

I use 1pass but don't necessarily trust it to make things any more secure..

AFAIK there is no way to prove that the cloud storage only stores an encrypted version at all times. Even if I audited the source and checked the network activity a few times, all it would take is one auto update that skips encryption, uploads the unencrypted passwords to a server and then restores the original binary. The only proof would be a network request, if I was even actively logging and monitoring every single outgoing packet.
semanticjudo, over 3 years ago

Because all my passwords in the vault are strong and unique. Because my master password is a massive pass phrase not subject to the vagaries of limits on passwords many sites have, and I literally keep it locked in a vault. So it is exponentially better than any alternative I have found [edit] for the cost and effort.
drakonka, over 3 years ago

To get into a password manager account, you require a secret and your master password. It is a potential point of failure, but less of one than what I tended to do without a password manager: reuse the same passwords across different sites. It would be impossible for me to remember a unique password for every site I'm registered on, so 1Password is just my place to record it.

Having said that, as someone else mentioned in this post, your email password reset flows become a point of failure: if someone can get into your email address, they can essentially reset your password to whatever they want. This is why I also enable 2FA on every site I can, and have recently started using unique email aliases per website.

I'm considering getting a couple of YubiKeys instead of using something like Google Authenticator, but not really sure if that would result in a more secure setup overall yet.
2Gkashmiri, over 3 years ago

Asking people here, related to the topic at hand: why do we not have a passwordless system built for the web? I mean, I want to sign in to github or email or whatever, I use my local private key to do it like I do with ssh. Today we use mobile phones or desktops/laptops, and all have browser addons and phone keyboards allow "features", so why isn't this more prevalent?
throwaway984393, over 3 years ago

Encourages stronger unique passwords, and it's safer than saving passwords unencrypted on disk. That's it.