Are Password Managers Really Necessary?

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
User avatar
DaftInvestor
Posts: 4064
Joined: Wed Feb 19, 2014 10:11 am

Re: Are Password Managers Really Necessary?

Post by DaftInvestor » Mon Jan 08, 2018 1:57 pm

ERISA Stone wrote:
Mon Jan 08, 2018 12:57 pm
DaftInvestor wrote:
Mon Jan 08, 2018 12:46 pm
ERISA Stone wrote:
Mon Jan 08, 2018 12:03 pm
DaftInvestor wrote:
Mon Jan 08, 2018 11:54 am

In practice we know otherwise.
Proof?
Just google "Password Manager breach" and read about the breaches at OnePass, LastLogin, etc.
Some of the most secure banks have been hacked along with one of the big-three credit report agencies - google "breach", "hacked", etc and you can find lots of stories that provide proof that security practice is very different that stated theory.
All of these companies hire some of the smartest folks and use what they think are the most secure methods.
Show me proof of a password manager getting hacked that allowed the hacker(s) to get access to a user's account.
There are stories if you run google searches - I'm not going be able to prove any of them to you nor do I have the desire to do so.
There are also cases whereby causality will never be proven - people have their accounts infiltrated and don't know whether it is due to them having used OnePass or some other reason. Similarly there are lots of Identities stolen every year and the exact trace-backs aren't always determined (in fact they are rarely determined) - for years people will be wondering if they were the victim of Equifax's breach or a piece of paper someone picked up at an old Doctor's office. Similarly a friend of mine's house was broken into while he was on vacation - he will never know if it was because his newspaper carrier told a friend that led to this (since he had his papers held for a week), due to a post he made on Facebook (showing he was on vacation), due to someone watching his house and seeing that his car was not coming/going in a longer pattern, etc. Personally - I have had my credit card numbers stolen a number of times and have yet to know why.
Personally I limit my exposure the best I can and storing my passwords with a third party service or in a third party software product will increase my exposure - not reduce it. I know this goes against what many security experts state.

LiterallyIronic
Posts: 828
Joined: Sat Dec 05, 2015 10:36 am

Re: Are Password Managers Really Necessary?

Post by LiterallyIronic » Mon Jan 08, 2018 2:13 pm

RooseveltG wrote:
Mon Jan 08, 2018 10:01 am
I use a Password Manager but friends claim they are unnecessary.

So are Password Managers necessary or are they overkill?
Of course they're not necessary. Just remember your passwords. Having a password manager is what baffles me.

User avatar
telemark
Posts: 2319
Joined: Sat Aug 11, 2012 6:35 am

Re: Are Password Managers Really Necessary?

Post by telemark » Mon Jan 08, 2018 2:22 pm

TravelGeek wrote:
Mon Jan 08, 2018 12:35 pm
ERISA Stone wrote:
Mon Jan 08, 2018 12:33 pm

Is this true? I've always read you should change your passwords every six months or so, especially those related to financial institutions.
https://www.schneier.com/blog/archives/ ... _pass.html
See also this link

https://www.wired.com/2016/05/password-tips-experts/

with special attention to item number 5.

User avatar
dwickenh
Posts: 1409
Joined: Sun Jan 04, 2015 9:45 pm
Location: Illinois

Re: Are Password Managers Really Necessary?

Post by dwickenh » Mon Jan 08, 2018 2:31 pm

I used Last Pass for about 30 days and did not like the way it created and stored passwords. It has more to do with lack of control than anything. I currently use the paper with passwords for each account. I started using 2 way security on financial accounts requiring a unique code each time I go online with the financial product. Is it perfect, no likely but it works for me.
The market is the most efficient mechanism anywhere in the world for transferring wealth from impatient people to patient people.” | — Warren Buffett

User avatar
dwickenh
Posts: 1409
Joined: Sun Jan 04, 2015 9:45 pm
Location: Illinois

Re: Are Password Managers Really Necessary?

Post by dwickenh » Mon Jan 08, 2018 2:34 pm

telemark wrote:
Mon Jan 08, 2018 2:22 pm
TravelGeek wrote:
Mon Jan 08, 2018 12:35 pm
ERISA Stone wrote:
Mon Jan 08, 2018 12:33 pm

Is this true? I've always read you should change your passwords every six months or so, especially those related to financial institutions.
https://www.schneier.com/blog/archives/ ... _pass.html
See also this link

https://www.wired.com/2016/05/password-tips-experts/

with special attention to item number 5.
Thanks for the link telemark!!
The market is the most efficient mechanism anywhere in the world for transferring wealth from impatient people to patient people.” | — Warren Buffett

User avatar
brother7
Posts: 157
Joined: Mon Mar 27, 2017 4:48 pm

Re: Are Password Managers Really Necessary?

Post by brother7 » Mon Jan 08, 2018 2:41 pm

For a completely offline password database, consider Keepass.
For a cloud-based, open source, browser-plugin-driven password manager, check out Bitwarden.

User avatar
nisiprius
Advisory Board
Posts: 36891
Joined: Thu Jul 26, 2007 9:33 am
Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry

Re: Are Password Managers Really Necessary?

Post by nisiprius » Mon Jan 08, 2018 2:45 pm

My issue with "password managers" is that I've needed online passwords for at least thirty years. I've never had either a gadget or a piece of software that lasted long enough to be a long term solution for anything, and there have in fact been constant problems version skew, companies going out of business, etc.

I mean, to me, saying "I love my password manager" sounds like "I store all my passwords on punched cards," or "I have all my passwords on a Syquest cartridge," or "My password manager runs on VAX/VMS and I just log onto everything through my VAX."
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.

quantAndHold
Posts: 1903
Joined: Thu Sep 17, 2015 10:39 pm

Re: Are Password Managers Really Necessary?

Post by quantAndHold » Mon Jan 08, 2018 2:57 pm

Until recently, I did network security for a living. The two most important things you need to do to protect your accounts are to 1) use different, long passwords for every account, and 2) use 2 factor authentication for the accounts that matter. Everything else is an implementation detail.

Different password managers have their strengths and weaknesses. The biggest problem with the paper and pencil method of password management is that people, left to their own devices, create passwords that are too simple and easy to guess. If you have the self control to be able to create a unique and hard to guess 15 character password for every account, and store that on a piece of paper, then more power to you. I personally use keepass and keep the file locally, but I will not be all that concerned if someone steals my keepass file until I hear that someone has broken AES encryption. The same with Apple's Keychain.

TravelGeek
Posts: 2369
Joined: Sat Oct 25, 2014 3:23 pm

Re: Are Password Managers Really Necessary?

Post by TravelGeek » Mon Jan 08, 2018 3:00 pm

nisiprius wrote:
Mon Jan 08, 2018 2:45 pm
My issue with "password managers" is that I've needed online passwords for at least thirty years. I've never had either a gadget or a piece of software that lasted long enough to be a long term solution for anything, and there have in fact been constant problems version skew, companies going out of business, etc.

I mean, to me, saying "I love my password manager" sounds like "I store all my passwords on punched cards," or "I have all my passwords on a Syquest cartridge," or "My password manager runs on VAX/VMS and I just log onto everything through my VAX."
As long as the password manager allows me to export the data in csv format, I am good. I have switched password managers once, and suspect it might happen again before passwords become obsolete technology themselves ;)

The fundamental question asked in the OP is similar to "Are cars really necessary?"

Someone living in Manhattan might say no, someone in L.A. would shake their head at the thought of not having one (or three).

Spirit Rider
Posts: 8925
Joined: Fri Mar 02, 2007 2:39 pm

Re: Are Password Managers Really Necessary?

Post by Spirit Rider » Mon Jan 08, 2018 3:03 pm

You don't have to memorize all the different passwords or use a password manager. You might ask, how?

Then I would have to trot out the dead horse trope; "I'd Tell You, but Then I'd Have to Kill You."

Think someplace you are and something you know no matter where you are.

jalbert
Posts: 3828
Joined: Fri Apr 10, 2015 12:29 am

Re: Are Password Managers Really Necessary?

Post by jalbert » Mon Jan 08, 2018 3:08 pm

The most likely way your password safe would be breached is not by a head-on cracking of the encryption, but by having your computer, phone, or tablet compromised by malware that captures the master password from keystroke filtering when you type it in, or that captures the cleartext passwords after you type in the master password.
Risk is not a guarantor of return.

jalbert
Posts: 3828
Joined: Fri Apr 10, 2015 12:29 am

Re: Are Password Managers Really Necessary?

Post by jalbert » Mon Jan 08, 2018 3:19 pm

Spirit Rider wrote:
Mon Jan 08, 2018 3:03 pm
You don't have to memorize all the different passwords or use a password manager. You might ask, how?

Then I would have to trot out the dead horse trope; "I'd Tell You, but Then I'd Have to Kill You."

Think someplace you are and something you know no matter where you are.
If you have 40 or 50 robust passwords, they would be unique and you would have to remember where you used capital letters, numbers, punctuation characters etc.

As an example, if you live in Washington state and used Snoqualmie as a password based on the name of a mountain pass in the state, this might be easily broken by a dictionary attack. But $n0qu@lmie$ might be safer, but you have to remember all of the transformations, capitals, and in this case trailing $ for 40-50 passwords.
Risk is not a guarantor of return.

Seasonal
Posts: 149
Joined: Sun May 21, 2017 1:49 pm

Re: Are Password Managers Really Necessary?

Post by Seasonal » Mon Jan 08, 2018 3:33 pm

ERISA Stone wrote:
Mon Jan 08, 2018 12:57 pm
DaftInvestor wrote:
Mon Jan 08, 2018 12:46 pm
ERISA Stone wrote:
Mon Jan 08, 2018 12:03 pm
DaftInvestor wrote:
Mon Jan 08, 2018 11:54 am

In practice we know otherwise.
Proof?
Just google "Password Manager breach" and read about the breaches at OnePass, LastLogin, etc.
Some of the most secure banks have been hacked along with one of the big-three credit report agencies - google "breach", "hacked", etc and you can find lots of stories that provide proof that security practice is very different that stated theory.
All of these companies hire some of the smartest folks and use what they think are the most secure methods.
Show me proof of a password manager getting hacked that allowed the hacker(s) to get access to a user's account.
I've had a bunch of online conversations in which I asked for such proof. No one has ever posted an actual example, just suggestions that searching will reveal much and vague stories about problems, often problems at things that are not password managers. The lack of any concrete examples increases my faith in password managers, at least of the lastpass variety.

TravelGeek
Posts: 2369
Joined: Sat Oct 25, 2014 3:23 pm

Re: Are Password Managers Really Necessary?

Post by TravelGeek » Mon Jan 08, 2018 3:38 pm

jalbert wrote:
Mon Jan 08, 2018 3:19 pm
As an example, if you live in Washington state and used Snoqualmie as a password based on the name of a mountain pass in the state, this might be easily broken by a dictionary attack. But $n0qu@lmie$ might be safer
Those standard replacements are well known to those who brute-force passwords.

alfaspider
Posts: 1602
Joined: Wed Sep 09, 2015 4:44 pm

Re: Are Password Managers Really Necessary?

Post by alfaspider » Mon Jan 08, 2018 3:46 pm

I will admit that I do reuse passwords, but only in relatively low security situations. If my BH password is stolen, it will be unfortunate, but it will only compromise my access on similar sites. For the things that matter, I memorize something unique, and there's a small enough number of those that its managable.

What has kept me from using password managers is not the fear of them getting hacked, but the fear of the service shutting down unexpectedly (or in the case of a locally based manager, the hardware failing). I suppose losing online account access is not as bad as having someone gain access, but it would be extremely painful.

TravelGeek
Posts: 2369
Joined: Sat Oct 25, 2014 3:23 pm

Re: Are Password Managers Really Necessary?

Post by TravelGeek » Mon Jan 08, 2018 3:53 pm

alfaspider wrote:
Mon Jan 08, 2018 3:46 pm

What has kept me from using password managers is not the fear of them getting hacked, but the fear of the service shutting down unexpectedly (or in the case of a locally based manager, the hardware failing). I suppose losing online account access is not as bad as having someone gain access, but it would be extremely painful.
I don’t use a cloud-hosted provider. If 1Password decided to go out of business, my apps would continue to work. And if my Mac were to die, the passwords are synced to my phone and two tablets. And of course I have backups of my Mac data.
Last edited by TravelGeek on Mon Jan 08, 2018 4:06 pm, edited 1 time in total.

User avatar
Doom&Gloom
Posts: 2293
Joined: Thu May 08, 2014 3:36 pm

Re: Are Password Managers Really Necessary?

Post by Doom&Gloom » Mon Jan 08, 2018 4:04 pm

DW refuses to use a password manager despite my best efforts. She insists on using slightly different versions of two or three primary passwords. Fortunately she doesn't use them for any sites for she which would have a huge financial exposure--just massive inconvenience--imo. Even with her doing that, I have to store all of her user names, passwords, and related info in my KeePass file because she can't remember them and occasionally has to ask me for her password to some site :oops:

I've been waiting for the day that one (or more) of her accounts gets hacked and she becomes a convert as I'm certain that is what it will take. At least she knows enough not to write them down as they would be scattered all over the house and misplaced. I am obviously not recommending this system just because it has worked for her. So far.

AntsOnTheMarch
Posts: 610
Joined: Mon May 29, 2017 5:47 pm

Re: Are Password Managers Really Necessary?

Post by AntsOnTheMarch » Mon Jan 08, 2018 4:08 pm

Password managers are necessary for reasons mentioned already. The most obvious and necessary reason imo, is it allows you to store dozens (or more) long and complicated passwords and other info—such as security answers that don’t factually correspond to the security question, site administered PINs, etc. Unless you are some freak of nature, you cannot possibly memorize all that.

Simplistic formulas and repeating passwords across logins is verboten. Writing it all down on paper? I could make the case that this is less secure than a good password manager but ok, that’s not bad. Problem is, you’re typing long passwords all day long and you’re probably going to make the passwords shorter and simpler sooner or later to make it easy on yourself. Aren’t the biggest investing mistakes behavioral as well? Also, typing in all those passwords over and over, be careful of a keylogger.

I’ve seen zero evidence that any popular password manager has been hacked and passwords stolen (i.e., encryption broken). To be honest, since I use 1Password, I only stay up on news of that so someone correct me if I’m wrong. If a breach to 1Password was ever shown to be likely or possible, I would re-evaluate my recommendation, but not before.

I don’t worry about losing my passwords due to some disruption. They are local as well as cloud (synced over multiple devices) and they are exportable.

jalbert
Posts: 3828
Joined: Fri Apr 10, 2015 12:29 am

Re: Are Password Managers Really Necessary?

Post by jalbert » Mon Jan 08, 2018 4:09 pm

TravelGeek wrote:
Mon Jan 08, 2018 3:38 pm
jalbert wrote:
Mon Jan 08, 2018 3:19 pm
As an example, if you live in Washington state and used Snoqualmie as a password based on the name of a mountain pass in the state, this might be easily broken by a dictionary attack. But $n0qu@lmie$ might be safer
Those standard replacements are well known to those who brute-force passwords.
Agreed, why I said might be safer. But not all the substitutions are always used so they have to try all combinations, which in conjunction with a sufficiently long password may be secure enough. Password safes also support randomly generated passwords.
Risk is not a guarantor of return.

User avatar
Flymore
Posts: 238
Joined: Tue May 31, 2016 1:31 pm

Re: Are Password Managers Really Necessary?

Post by Flymore » Mon Jan 08, 2018 4:31 pm

My passwords are in a file on my Linux laptop encrypted using gpg - OpenPGP encryption with a 128 character passphrase.
A bit of a pain, as I have to decrypt the file to extract a password, but works for me. :beer

Spirit Rider
Posts: 8925
Joined: Fri Mar 02, 2007 2:39 pm

Re: Are Password Managers Really Necessary?

Post by Spirit Rider » Mon Jan 08, 2018 4:41 pm

jalbert wrote:
Mon Jan 08, 2018 3:19 pm
Spirit Rider wrote:
Mon Jan 08, 2018 3:03 pm
You don't have to memorize all the different passwords or use a password manager. You might ask, how?

Then I would have to trot out the dead horse trope; "I'd Tell You, but Then I'd Have to Kill You."

Think someplace you are and something you know no matter where you are.
If you have 40 or 50 robust passwords, they would be unique and you would have to remember where you used capital letters, numbers, punctuation characters etc.

As an example, if you live in Washington state and used Snoqualmie as a password based on the name of a mountain pass in the state, this might be easily broken by a dictionary attack. But $n0qu@lmie$ might be safer, but you have to remember all of the transformations, capitals, and in this case trailing $ for 40-50 passwords.
Not that this is what I am using for passwords. All of what you suggest can be accomplished with a simple ASCII substitution cipher.

User avatar
Epsilon Delta
Posts: 7430
Joined: Thu Apr 28, 2011 7:00 pm

Re: Are Password Managers Really Necessary?

Post by Epsilon Delta » Mon Jan 08, 2018 5:05 pm

DoTheMath wrote:
Mon Jan 08, 2018 11:18 am
It's funny how things change. In the old pre-internet days, having your passwords on a slip of paper near your computer was the stereotype for bad computer security. Nowadays, the worry that someone will get your passwords by physically entering your home is the least of your worries!
In the pre-internet days you probably did not have a computer at home, and if you did it didn't have a password. So the rule about not writing it down is about office computers. Access to most offices is far more open than access to most homes. It's still a bad idea to keep a list of passwords near your office computer.

AntsOnTheMarch
Posts: 610
Joined: Mon May 29, 2017 5:47 pm

Re: Are Password Managers Really Necessary?

Post by AntsOnTheMarch » Mon Jan 08, 2018 5:08 pm

Spirit Rider wrote:
Mon Jan 08, 2018 4:41 pm
jalbert wrote:
Mon Jan 08, 2018 3:19 pm
Spirit Rider wrote:
Mon Jan 08, 2018 3:03 pm
You don't have to memorize all the different passwords or use a password manager. You might ask, how?

Then I would have to trot out the dead horse trope; "I'd Tell You, but Then I'd Have to Kill You."

Think someplace you are and something you know no matter where you are.
If you have 40 or 50 robust passwords, they would be unique and you would have to remember where you used capital letters, numbers, punctuation characters etc.

As an example, if you live in Washington state and used Snoqualmie as a password based on the name of a mountain pass in the state, this might be easily broken by a dictionary attack. But $n0qu@lmie$ might be safer, but you have to remember all of the transformations, capitals, and in this case trailing $ for 40-50 passwords.
Not that this is what I am using for passwords. All of what you suggest can be accomplished with a simple ASCII substitution cipher.
I used that approach before 1Password but it had some severe limitations. For example, many sites limit the length and special characters allowed. So in order to come up with an an easy to remember system that would scale across all sites, I had to apply the lowest common denominator and this meant that sites which allowed more robust passwords did not derive benefit from their better architecture.

User avatar
beyou
Posts: 2060
Joined: Sat Feb 27, 2010 3:57 pm
Location: Northeastern US

Re: Are Password Managers Really Necessary?

Post by beyou » Mon Jan 08, 2018 5:17 pm

Flymore wrote:
Mon Jan 08, 2018 4:31 pm
My passwords are in a file on my Linux laptop encrypted using gpg - OpenPGP encryption with a 128 character passphrase.
A bit of a pain, as I have to decrypt the file to extract a password, but works for me. :beer
+1 I have used similar solutions for a long time. Encyrpting a text file, allows me to store not only userid/pwd
but also challenge questions and other sensitive data like acct #s etc. If it's all encyrpted, why not store all the related info ?
Just have to make sure it's strongly encrypted, has a good pwd on the file, and you don't forget your pwd for the encyrpted file :-)

User avatar
Epsilon Delta
Posts: 7430
Joined: Thu Apr 28, 2011 7:00 pm

Re: Are Password Managers Really Necessary?

Post by Epsilon Delta » Mon Jan 08, 2018 5:37 pm

blevine wrote:
Mon Jan 08, 2018 5:17 pm
Flymore wrote:
Mon Jan 08, 2018 4:31 pm
My passwords are in a file on my Linux laptop encrypted using gpg - OpenPGP encryption with a 128 character passphrase.
A bit of a pain, as I have to decrypt the file to extract a password, but works for me. :beer
+1 I have used similar solutions for a long time. Encyrpting a text file, allows me to store not only userid/pwd
but also challenge questions and other sensitive data like acct #s etc. If it's all encyrpted, why not store all the related info ?
Just have to make sure it's strongly encrypted, has a good pwd on the file, and you don't forget your pwd for the encyrpted file :-)
The problem with any encrypted file is that you have to deal with them carefully. For example when you decrypt it do you take steps to avoid leaving a copy of the plain text in the swap file? Ideally a password manager takes care of these types of issues, and since a password manager only needs to deal with a few use cases it can handle these issues better than a general purpose encryption program.

On the other hand I am not a fan of password managers because I am not a fan of passwords. Passwords as currently practiced are broken. They need to go away.

Oh and a password manager should not have a password. It should have an encryption key. Very different things with very different properties, which is a big part of why passwords are broken.

briansmt4
Posts: 4
Joined: Fri Oct 27, 2017 4:57 pm

Re: Are Password Managers Really Necessary?

Post by briansmt4 » Mon Jan 08, 2018 6:12 pm

My MacBook always wants to save passwords for me, and then when I go to the site, it logs me in automatically. It works well but I am concerned that if someone had my laptop they would have the keys to the kingdom. I use 2-factor authentication when possible, such as at Vanguard. But if they had my phone and my laptop? So I am afraid to allow the computer to memorize my important passwords such as to Vanguard and banks.
I tried using Dashlane as a password manager but it seems to work a lot like the Mac password saver so I'm not sure it would help that much. Am I being too cautious?
I end up still writing down passwords and putting them in my phone which seems like a riskier proposition than using the Mac or Dashlane...technology always seems to be a dilemma.

MathWizard
Posts: 3059
Joined: Tue Jul 26, 2011 1:35 pm

Re: Are Password Managers Really Necessary?

Post by MathWizard » Mon Jan 08, 2018 6:16 pm

For me any my team, yes, they are necessary.

I work in IT. We added several passwords, and they change frequently, so I finally gave in and
got a distributed password manager for my group.

I remember the most commonly used ones, but there are many that I use infrequently, and it
is hard to keep them in memory, especially when they keep changing. I foudn myself starting to write them down,
which is horrible security, and why I champion against requiring frequent password changes. Require reasonably
long passwords, and multi-factor, and allow the user to change passwords when they want. This is in line with recent
NIST recommendations.

I have 17 personal passwords in a password manager.

For work, I have another 84 passwords.

This is not all of them, but only the ones I cannot keep in memory.

HockeyFan99
Posts: 18
Joined: Wed May 22, 2013 8:53 pm

Re: Are Password Managers Really Necessary?

Post by HockeyFan99 » Mon Jan 08, 2018 7:20 pm

Not sure I saw this mentioned above in the chain, but one advantage of a password manager - or at least most of the commercial ones I have investigated - is that they allow you to share credentials selectively with other family members, either for daily use or on a one-time or emergency basis (a la Google inactive account manager).

This can come in handy when trying to manage finances (or other activities) across a household or across generations (e.g., helping a parent or child with certain tasks).

Not sure anything like perfect security exists, but password managers seem to me to provide a good balance between security and convenience.
"I'm spending a year dead for tax reasons." - Hotblack Desiato

RetiredAL
Posts: 157
Joined: Tue Jun 06, 2017 12:09 am
Location: SF Bay Area

Re: Are Password Managers Really Necessary?

Post by RetiredAL » Mon Jan 08, 2018 11:41 pm

Interesting dialog. Here's my 2 bits...

How many logon's do I (you) have where security are really important? OK, my (your) bank, my (your) investments, and a handful of others. My "Master ISP Account" and it's e-mail is not used anywhere, and there is telephone support available, thus resetting the used subordinate e-mail is simple via online, or worst case via telephone. I do have e-mails accounts elsewhere that rely on that subordinate address for their resetting.

Then there are what I call the trivials. Do I really care if my Boglehead logon is lifted. Or my Electric Company. I don't have 50 buying site logons to maintain. I prefer anonymous ( no account signup ) buying when whenever possible. If my Amazon account were to be compromised, I'll deal with it. Anywhere I used my credit card number, it might be lifted, but so what, I'll deal with it. Neither are life threatening. Report it and go on with your life. I don't have 50 membership board logons to maintain.

I would never use Facebook or anyone else as a logon validator to another site. I hate logons based my email address, so those get an email address that is different than the one I use for important stuff.

My phone is not a walking database of personal data. If someone stole it out of my hands, all they got is a phone with lots of pictures, and what would be to them, some nonsensical data in files. No banking, no buying, no access cloud stored files, ect.

I have no exotic password manager and I never use a browser's ID manager. The handful of important more frequently used ID's I use have a unique medium complex multi-segmented user name and password that consist of components I can easily remember. It's no big deal to look up a rarely used one. The trivials have a much simpler password structure. IMO, these do not need to be made hard where it does not really matter.

I accept each of us do have different ideas/concerns on this issue. I trend towards the a reasonable simplistic and don't get paranoid over what "could" happen when that "could" has a pretty low probability. Isn't that a BH thing to trust in the averages!

A list does exist along a paper copy that is kept with Trust/POA/Will/Instructions for my wife/kids, in case I can't perform. The wife is already listed at each financial institution as a POA Agent to all my financial accounts, as I am on hers.

GCD
Posts: 553
Joined: Tue Sep 26, 2017 7:11 pm

Re: Are Password Managers Really Necessary?

Post by GCD » Tue Jan 09, 2018 9:35 am

Teague wrote:
Mon Jan 08, 2018 11:04 am
My "password manager" is a piece of paper with my various usernames and passwords written on it. This is folded over once (my version of encryption) and tucked in a drawer with a bunch of boring paperwork in it.

Pro: I don't have to worry about the security of the algorithm, or unknown back door vulnerabilities. Sure, a burglar could break in, find the paper, fire up my computer, and access my accounts. But I'm not an important or well-known person, so the odds of this happening are probably zero. Any burglar would be there to burgle, probably for their next dose of meth, not to transfer funds from my IRA to their offshore bank account.

Con: It is not terribly portable. But I do any important transactions from home anyway, so I don't really care about that.
My wife and I have a dedicated financial computer which we access bank and investment accounts from. We never use it for regular internet and the regular computers are never used for financial transactions. We do this to minimize the possibility of getting hacked or picking up viruses on the financial computer. This also means we do all our transactions from home where we have access to our pen and paper password list.

The assumption I'm working from is that it is not likely that a burglar engaged in a physical crime is the same type of criminal as a person who commits an electronic white collar crime. I am not nearly wealthy or important enough to be the victim of a concerted multi-prong effort to break into my home to steal passwords to then go victimize me on a second level.

User avatar
Peculiar_Investor
Posts: 1134
Joined: Thu Oct 20, 2011 12:23 am
Location: Calgary, AB
Contact:

Re: Are Password Managers Really Necessary?

Post by Peculiar_Investor » Tue Jan 09, 2018 9:44 am

I don't see any significant downside to using a password manager. Depending on the complexity of your online life and the number of websites you visit that require passwords there are significant positive benefits to using a password manager to simplify that complexity and work towards best practices on account security and the passwords that you are using.

I'm using Lastpass and would recommend it, or equivalent, to anyone who has more than a handful of online accounts to manage.
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams

Leesbro63
Posts: 5517
Joined: Mon Nov 08, 2010 4:36 pm

Re: Are Password Managers Really Necessary?

Post by Leesbro63 » Tue Jan 09, 2018 10:17 am

I think the REAL question here is this:


Is security so fragile that you need (a) password(s) so robust that it almost requires a password manager to remember it/them?

In other words, are "normal", "memorizeable" passwords save enough? Or must you use a generated password that's long, has lots of non-letter characters, lots of caps and not-caps, and is so difficult that it cannot generally be remembered by average people.

randomguy
Posts: 6504
Joined: Wed Sep 17, 2014 9:00 am

Re: Are Password Managers Really Necessary?

Post by randomguy » Tue Jan 09, 2018 10:30 am

ThriftyPhD wrote:
Mon Jan 08, 2018 1:41 pm
RooseveltG wrote:
Mon Jan 08, 2018 10:01 am
So are Password Managers necessary or are they overkill?
If you can remember a unique 20+ random string of upper and lower case, with numbers and symbols, for every login you have, including those that need to be changed on some timescale, as well as those that have unique requirements, then no you don't need a password manager.

With hundreds of separate logins, the above is impossible for me.

99.9% of all sites don't need that level of security. "ThriftyPhD_Bogleheads" for example is probably all the password security you need for this site. It is unique (i.e. when visa gets hacked, they will not get this password), long enough (i.e. obviously could be longer but you are at a level that should stand up to attack for a while), and the data you can steal is almost worthless.

For the accounts that actually matter (vanguard, fidelity), 2 factor authentication should be considered a requirement.

That leaves the ones in the middle (i.e. amazon) where the account getting breached would be painful but the damage is somewhat limited. I change those passwords every year by adding the date (i.e. go from foo_2017 to foo_2018). The base password is long and easy to remember and since it changes, the window of vunerability isn't forever. If I was paranoid, I would add in the month.

You could also just use a password manager:)

User avatar
Peculiar_Investor
Posts: 1134
Joined: Thu Oct 20, 2011 12:23 am
Location: Calgary, AB
Contact:

Re: Are Password Managers Really Necessary?

Post by Peculiar_Investor » Tue Jan 09, 2018 10:31 am

Leesbro63 wrote:
Tue Jan 09, 2018 10:17 am
Or must you use a generated password that's long, has lots of non-letter characters, lots of caps and not-caps, and is so difficult that it cannot generally be remembered by average people.
I'll defer to the experts and suggest reading NIST’s new password rules – what you need to know – Naked Security as an example of what seems to be a very sensible approach to the issue. Some common "best practices" are not necessarily the best. Common sense enters the equation.
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams

ThriftyPhD
Posts: 722
Joined: Mon Jul 31, 2017 10:43 am

Re: Are Password Managers Really Necessary?

Post by ThriftyPhD » Tue Jan 09, 2018 10:48 am

randomguy wrote:
Tue Jan 09, 2018 10:30 am
ThriftyPhD wrote:
Mon Jan 08, 2018 1:41 pm
RooseveltG wrote:
Mon Jan 08, 2018 10:01 am
So are Password Managers necessary or are they overkill?
If you can remember a unique 20+ random string of upper and lower case, with numbers and symbols, for every login you have, including those that need to be changed on some timescale, as well as those that have unique requirements, then no you don't need a password manager.

With hundreds of separate logins, the above is impossible for me.

99.9% of all sites don't need that level of security. "ThriftyPhD_Bogleheads" for example is probably all the password security you need for this site. It is unique (i.e. when visa gets hacked, they will not get this password), long enough (i.e. obviously could be longer but you are at a level that should stand up to attack for a while), and the data you can steal is almost worthless.

For the accounts that actually matter (vanguard, fidelity), 2 factor authentication should be considered a requirement.

That leaves the ones in the middle (i.e. amazon) where the account getting breached would be painful but the damage is somewhat limited. I change those passwords every year by adding the date (i.e. go from foo_2017 to foo_2018). The base password is long and easy to remember and since it changes, the window of vunerability isn't forever. If I was paranoid, I would add in the month.
Given how EASY password managers are to use, two clicks to login rather than typing out both a login and password, I'm not sure what the above even saves you.

Appending the website, or appending the date, is all relatively simple to detect computationally. Lets say they hack a 'useless' website and get your password as randomguypassword_useless_website_2017 it's pretty easy to guess that your bogleheads password is randomguypassword_bogleheads_2017. On one of these useless websites perhaps you made a purchase, and it saved your credit card number. Now they have that info. Another useless website has your mom's maiden name as a security question answer. They then call Apple saying "Hi I'm randomguy and I forgot my iCloud password". They have some 'personal' info, so apple unlocks the account. With that unlocked, they can unlock your email and many other accounts. Perhaps download data you've backed up to iCloud, including some financial documents.

Sounds far-fetched?

https://www.wired.com/2012/08/apple-ama ... n-hacking/

And yes, many of the methods used at those specific companies were patched in response, but similar threats still exist.

This is a bit like saying "you know, I live in a nice neighborhood, I don't need to use the door locks on my car, I can just duct-tape the door shut instead". Or you could save time and have better security by simply using the locks...
You could also just use a password manager:)
Bingo!

Leesbro63
Posts: 5517
Joined: Mon Nov 08, 2010 4:36 pm

Re: Are Password Managers Really Necessary?

Post by Leesbro63 » Tue Jan 09, 2018 10:50 am

Peculiar_Investor wrote:
Tue Jan 09, 2018 10:31 am
Leesbro63 wrote:
Tue Jan 09, 2018 10:17 am
Or must you use a generated password that's long, has lots of non-letter characters, lots of caps and not-caps, and is so difficult that it cannot generally be remembered by average people.
I'll defer to the experts and suggest reading NIST’s new password rules – what you need to know – Naked Security as an example of what seems to be a very sensible approach to the issue. Some common "best practices" are not necessarily the best. Common sense enters the equation.
I did not understand the above referenced article, but it would seem that the answer to my question is "yes", you need a generated complicated, long password for important sites. Yet in the real world, average people just aren't gonna do it. And there will be pressured on the vendors/providers/site owners to make whole any loss due to hacked data. That being said, I guess I'm now convinced to go the generated password route for important sites.

User avatar
Peculiar_Investor
Posts: 1134
Joined: Thu Oct 20, 2011 12:23 am
Location: Calgary, AB
Contact:

Re: Are Password Managers Really Necessary?

Post by Peculiar_Investor » Tue Jan 09, 2018 11:03 am

Leesbro63 wrote:
Tue Jan 09, 2018 10:17 am
Or must you use a generated password that's long, has lots of non-letter characters, lots of caps and not-caps, and is so difficult that it cannot generally be remembered by average people.
Sorry, I thought the article I linked specifically address this.
NIST’s new password rules – what you need to know – Naked Security wrote:Now for all the things you shouldn’t do.

No composition rules. What this means is, no more rules that force you to use particular characters or combinations, like those daunting conditions on some password reset pages that say, “Your password must contain one lowercase letter, one uppercase letter, one number, four symbols but not &%#@_, and the surname of at least one astronaut.”

Let people choose freely, and encourage longer phrases instead of hard-to-remember passwords or illusory complexity such as pA55w+rd.
The common sense part of their recommendations are:
We’ll start with the things you should do.

Favor the user. To begin with, make your password policies user friendly and put the burden on the verifier when possible.

In other words, we need to stop asking users to do things that aren’t actually improving security.

Much research has gone into the efficacy of many of our so-called “best practices” and it turns out they don’t help enough to be worth the pain they cause.
For me one of the advantages of generated passwords is the fact that it forces my passwords to be unique for every site/account, which improves security in the inevitable case where a site where I have an account gets hacked and the passwords grabbed (aka Adobe). Given the need to create numerous passwords for a variety of sites I would suggest that human nature leads us to use or reuse passwords or common 'base' passwords. A password manager eliminates this tendency.
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams

Jack FFR1846
Posts: 7985
Joined: Tue Dec 31, 2013 7:05 am

Re: Are Password Managers Really Necessary?

Post by Jack FFR1846 » Tue Jan 09, 2018 11:10 am

For those concerned that someone will find my paper with all my passwords, don't be. I mentioned that everything is coded. So my Bogleheads account might be listed on the paper as **&G583 and the password 11111111&. I know what it means. You don't. It's completely non-obvious, so even if someone gets the paper copy, they have nothing. I've done this since the 80's.
Bogle: Smart Beta is stupid

User avatar
Peculiar_Investor
Posts: 1134
Joined: Thu Oct 20, 2011 12:23 am
Location: Calgary, AB
Contact:

Re: Are Password Managers Really Necessary?

Post by Peculiar_Investor » Tue Jan 09, 2018 11:15 am

Jack FFR1846 wrote:
Tue Jan 09, 2018 11:10 am
For those concerned that someone will find my paper with all my passwords, don't be. I mentioned that everything is coded. So my Bogleheads account might be listed on the paper as **&G583 and the password 11111111&. I know what it means. You don't. It's completely non-obvious, so even if someone gets the paper copy, they have nothing. I've done this since the 80's.
Why do you believe that someone couldn't break your Cipher? It's been done before, a well known example is covered in Cryptanalysis of the Enigma.

Leave it to the experts and use a password manager.
Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams

quantAndHold
Posts: 1903
Joined: Thu Sep 17, 2015 10:39 pm

Re: Are Password Managers Really Necessary?

Post by quantAndHold » Tue Jan 09, 2018 11:24 am

jalbert wrote:
Mon Jan 08, 2018 3:19 pm
As an example, if you live in Washington state and used Snoqualmie as a password based on the name of a mountain pass in the state, this might be easily broken by a dictionary attack. But $n0qu@lmie$ might be safer
Modern dictionary attack tools target words like ”$n0qu@lmie$”. Taking a dictionary word and making it hard for humans to read isn’t the defense it once was. The tools the bad guys use look for these kind of permutations.
(i.e. go from foo_2017 to foo_2018). The base password is long and easy to remember and since it changes, the window of vunerability isn't forever. If I was paranoid, I would add in the month
This too.

These two examples are exactly why a password manager is a good idea. Humans are terrible at picking hard to guess passwords.

User avatar
Epsilon Delta
Posts: 7430
Joined: Thu Apr 28, 2011 7:00 pm

Re: Are Password Managers Really Necessary?

Post by Epsilon Delta » Tue Jan 09, 2018 12:27 pm

Leesbro63 wrote:
Tue Jan 09, 2018 10:17 am
I think the REAL question here is this:


Is security so fragile that you need (a) password(s) so robust that it almost requires a password manager to remember it/them?

In other words, are "normal", "memorizeable" passwords save enough? Or must you use a generated password that's long, has lots of non-letter characters, lots of caps and not-caps, and is so difficult that it cannot generally be remembered by average people.
Yes security is that fragile.

The only reason you need a password with more than about 10bits of entropy (a random five or six letter English word has about 15 bits of entropy) is if the server is going to leak the password or hashes; or is going to allow an unreasonable number of guesses before taking corrective action. Unfortunately most servers do these things, and the people running them don't care, since it's easier to blame the user.

Teague
Posts: 1186
Joined: Wed Nov 04, 2015 6:15 pm

Re: Are Password Managers Really Necessary?

Post by Teague » Tue Jan 09, 2018 1:14 pm

Peculiar_Investor wrote:
Tue Jan 09, 2018 11:15 am
Jack FFR1846 wrote:
Tue Jan 09, 2018 11:10 am
For those concerned that someone will find my paper with all my passwords, don't be. I mentioned that everything is coded. So my Bogleheads account might be listed on the paper as **&G583 and the password 11111111&. I know what it means. You don't. It's completely non-obvious, so even if someone gets the paper copy, they have nothing. I've done this since the 80's.
Why do you believe that someone couldn't break your Cipher? It's been done before, a well known example is covered in Cryptanalysis of the Enigma.

Leave it to the experts and use a password manager.
I'm sure it could be broken. Probably anything besides a one-time pad could, eventually.

But, I think we need to consider the odds that the junkie looking to pilfer and pawn someone's camera equipment is also a cryptographer in his off hours.
Semper Augustus

jalbert
Posts: 3828
Joined: Fri Apr 10, 2015 12:29 am

Re: Are Password Managers Really Necessary?

Post by jalbert » Tue Jan 09, 2018 3:50 pm

Spirit Rider wrote:
Mon Jan 08, 2018 4:41 pm
jalbert wrote:
Mon Jan 08, 2018 3:19 pm
Spirit Rider wrote:
Mon Jan 08, 2018 3:03 pm
You don't have to memorize all the different passwords or use a password manager. You might ask, how?

Then I would have to trot out the dead horse trope; "I'd Tell You, but Then I'd Have to Kill You."

Think someplace you are and something you know no matter where you are.
If you have 40 or 50 robust passwords, they would be unique and you would have to remember where you used capital letters, numbers, punctuation characters etc.

As an example, if you live in Washington state and used Snoqualmie as a password based on the name of a mountain pass in the state, this might be easily broken by a dictionary attack. But $n0qu@lmie$ might be safer, but you have to remember all of the transformations, capitals, and in this case trailing $ for 40-50 passwords.
Not that this is what I am using for passwords. All of what you suggest can be accomplished with a simple ASCII substitution cipher.
Not if you add extra characters, punctuation or even whole words, between random letters of words and don’t apply a substitution to all instances of a given letter nor use the same substitutions for each password or even for each instance of the same letter in a password.
Last edited by jalbert on Sat Jul 21, 2018 5:13 pm, edited 1 time in total.
Risk is not a guarantor of return.

randomguy
Posts: 6504
Joined: Wed Sep 17, 2014 9:00 am

Re: Are Password Managers Really Necessary?

Post by randomguy » Tue Jan 09, 2018 7:52 pm

ThriftyPhD wrote:
Tue Jan 09, 2018 10:48 am
randomguy wrote:
Tue Jan 09, 2018 10:30 am
ThriftyPhD wrote:
Mon Jan 08, 2018 1:41 pm
RooseveltG wrote:
Mon Jan 08, 2018 10:01 am
So are Password Managers necessary or are they overkill?
If you can remember a unique 20+ random string of upper and lower case, with numbers and symbols, for every login you have, including those that need to be changed on some timescale, as well as those that have unique requirements, then no you don't need a password manager.

With hundreds of separate logins, the above is impossible for me.

99.9% of all sites don't need that level of security. "ThriftyPhD_Bogleheads" for example is probably all the password security you need for this site. It is unique (i.e. when visa gets hacked, they will not get this password), long enough (i.e. obviously could be longer but you are at a level that should stand up to attack for a while), and the data you can steal is almost worthless.

For the accounts that actually matter (vanguard, fidelity), 2 factor authentication should be considered a requirement.

That leaves the ones in the middle (i.e. amazon) where the account getting breached would be painful but the damage is somewhat limited. I change those passwords every year by adding the date (i.e. go from foo_2017 to foo_2018). The base password is long and easy to remember and since it changes, the window of vunerability isn't forever. If I was paranoid, I would add in the month.
Given how EASY password managers are to use, two clicks to login rather than typing out both a login and password, I'm not sure what the above even saves you.

Appending the website, or appending the date, is all relatively simple to detect computationally. Lets say they hack a 'useless' website and get your password as randomguypassword_useless_website_2017 it's pretty easy to guess that your bogleheads password is randomguypassword_bogleheads_2017. On one of these useless websites perhaps you made a purchase, and it saved your credit card number. Now they have that info. Another useless website has your mom's maiden name as a security question answer. They then call Apple saying "Hi I'm randomguy and I forgot my iCloud password". They have some 'personal' info, so apple unlocks the account. With that unlocked, they can unlock your email and many other accounts. Perhaps download data you've backed up to iCloud, including some financial documents.

Sounds far-fetched?

https://www.wired.com/2012/08/apple-ama ... n-hacking/

And yes, many of the methods used at those specific companies were patched in response, but similar threats still exist.

This is a bit like saying "you know, I live in a nice neighborhood, I don't need to use the door locks on my car, I can just duct-tape the door shut instead". Or you could save time and have better security by simply using the locks...
You could also just use a password manager:)
Bingo!
And in that attack would a password manager helped? I just hacked visa and have your email, address and CC. I then call up apple and they let me in.😁

Core accounts like Facebook/Google that open the cookie jar are the ones you need 2 factor authentication on.

Here is a question. Do you use a new credit card number for every purchase? It is safe. It is also a pain in the ass😁

AntsOnTheMarch
Posts: 610
Joined: Mon May 29, 2017 5:47 pm

Re: Are Password Managers Really Necessary?

Post by AntsOnTheMarch » Tue Jan 09, 2018 9:52 pm

randomguy wrote:
Tue Jan 09, 2018 7:52 pm

And in that attack would a password manager helped? I just hacked visa and have your email, address and CC. I then call up apple and they let me in.😁
No, Apple won’t let you in. That incident from 2012 has no relation to Apple’s current 2FA.

User avatar
zaplunken
Posts: 921
Joined: Tue Jul 01, 2008 9:07 am

Re: Are Password Managers Really Necessary?

Post by zaplunken » Sun Feb 11, 2018 4:14 pm

Oh I love these password manager threads and I have read every one of them for the past 8-10 years. :D

I use a password manager and I keep it off line and I would never put it in the cloud. I worked in IT most of my life and understand when the experts tell you to never do this or don't do that I listen. I am always amused by the people who have no need for a password manager, who think they are immune cuz they have a system that works and better yet write it down on paper and have 1 copy in the house! :oops: You folks will be the ones that are compromised but then it'll be too late.

I use unique user names and passwords everywhere except for the PITA places that force me to use my email for my user name, how stupid is that! :confused I can store not just user names and passwords in a password safe but also security questions, PINS, anything I want or need to in the password manager. If a site lets me use X positions for a user name I use them all and the same for a password. I use all combinations of characters they allow for both. My security questions are just as scrambled as my user ids and passwords. I do make my own vs using the ones the password manager creates but I am careful to look at what they create and mimic that. I also use 2FA where it is allowed. My password manager is on 3 flash drives cuz 2 is 1 and 1 is none.

With a userid of U776%g^vv@aP0)-nn66q (or longer) and a password of 9jJ7#zxcK7476$FGO8jjuu$g%$SnN* (or longer) I think my user ids and passwords are pretty safe from dictionary attacks. My mother's maiden name is Jump87 FhW22% goatGOAT66 and if anyone can guess that I say wow!

I never have changed anything except when a site requires I make a change like for Social Security. I never have had a problem and using these simple measure I am sure I never will. Even if 1 site was compromised it won't compromise any other site.

ETA - I keep an up to date print out of the password safe in my safe deposit box so even if I lost all the flash drives I can recreate the password manager back to whole though it would be a PITA cuz there's a lot of stuff in it!

Leesbro63
Posts: 5517
Joined: Mon Nov 08, 2010 4:36 pm

Re: Are Password Managers Really Necessary?

Post by Leesbro63 » Sun Feb 11, 2018 4:53 pm

zaplunken wrote:
Sun Feb 11, 2018 4:14 pm
Oh I love these password manager threads and I have read every one of them for the past 8-10 years. :D

I use a password manager and I keep it off line and I would never put it in the cloud. I worked in IT most of my life and understand when the experts tell you to never do this or don't do that I listen. I am always amused by the people who have no need for a password manager, who think they are immune cuz they have a system that works and better yet write it down on paper and have 1 copy in the house! :oops: You folks will be the ones that are compromised but then it'll be too late.

I use unique user names and passwords everywhere except for the PITA places that force me to use my email for my user name, how stupid is that! :confused I can store not just user names and passwords in a password safe but also security questions, PINS, anything I want or need to in the password manager. If a site lets me use X positions for a user name I use them all and the same for a password. I use all combinations of characters they allow for both. My security questions are just as scrambled as my user ids and passwords. I do make my own vs using the ones the password manager creates but I am careful to look at what they create and mimic that. I also use 2FA where it is allowed. My password manager is on 3 flash drives cuz 2 is 1 and 1 is none.

With a userid of U776%g^vv@aP0)-nn66q (or longer) and a password of 9jJ7#zxcK7476$FGO8jjuu$g%$SnN* (or longer) I think my user ids and passwords are pretty safe from dictionary attacks. My mother's maiden name is Jump87 FhW22% goatGOAT66 and if anyone can guess that I say wow!

I never have changed anything except when a site requires I make a change like for Social Security. I never have had a problem and using these simple measure I am sure I never will. Even if 1 site was compromised it won't compromise any other site.

ETA - I keep an up to date print out of the password safe in my safe deposit box so even if I lost all the flash drives I can recreate the password manager back to whole though it would be a PITA cuz there's a lot of stuff in it!
How do I know if my password manager IS in the cloud? I actually assume it is. And if I want it to be not there, how does it work at my desktop computer? Yeah, I sound naive, I know.

User avatar
zaplunken
Posts: 921
Joined: Tue Jul 01, 2008 9:07 am

Re: Are Password Managers Really Necessary?

Post by zaplunken » Sun Feb 11, 2018 5:29 pm

I would read at their website. Many are, I know that KeePass is not. Many feel safe with being in the cloud but I do not. YMMV.

ETA if it is in the cloud I doubt you can move it to your device (pc, phone, tablet).

User avatar
CardinalRule
Posts: 150
Joined: Sun Jan 15, 2017 11:01 am
Location: United States

Re: Are Password Managers Really Necessary?

Post by CardinalRule » Sun Feb 11, 2018 9:32 pm

A password manager is absolutely necessary for me. Way too many passwords, and I do not like short, easy-to-remember ones. I need a mobile solution and use 1Password on my iPhone, iPad, and laptop. I use local files and a strong master password. If I am ever forced to a cloud-based version, I will look for another password manager vendor. But for now, I really like the convenience and power of 1Password and rely heavily on it.

RustyShackleford
Posts: 1311
Joined: Thu Sep 13, 2007 12:32 pm
Location: NC

Re: Are Password Managers Really Necessary?

Post by RustyShackleford » Sun Feb 11, 2018 9:53 pm

b42 wrote:
Mon Jan 08, 2018 10:09 am
t's also better to not re-use the same password across all sites, since if someone gains access to one account, they could in theory gain access to all the other ones.
Isn't that exactly what a password manager does though ?

Post Reply