It would be foolish indeed to give your master passphrase to another person. Unless that person is a trusted spouse or partner, and the accounts are joint.tibbitts wrote: ↑Mon May 11, 2020 8:29 pmMaybe you missed the part where I said I do use a password manager that does store copies of its password vault on its network servers. All of my important logins and passwords are stored there. But the fact is that by justing giving my one master password (or two-factor capability, if I enable that) to another person, that other person can access all my logins and passwords. I felt the original reply was misleading in that it suggested there was not a single point of failure (or possibly two if you optionally enable two-factor.) There is.gtd98765 wrote: ↑Mon May 11, 2020 8:20 pmIt's kind of a tautology that someone with a master password and a hardware key, if used, can decrypt everything stored in the manager's vault. That's the point. But if a hacker does not have those things, the passwords are just gibberish and therefore useless to a thief.tibbitts wrote: ↑Mon May 11, 2020 7:14 pm
You are correct that a password manager that is designed to use only a local device is not vulnerable to attack via the internet, but it's still vulnerable to revealing all the passwords it contains to someone having the required credentials and the physical device. I didn't think of the case of not storing passwords on a password manager's servers because that doesn't seem useful to me, but it's fine if other people choose to do that.
Using a password manager is the single best way for the average user to protect the financial and other accounts s/he has on line. It is not possible for a hacker to break into an online vault and steal passwords from any of the major vendors. It would likewise be impossible for a hacker to break into the vault if stolen from a computer as long as the user keeps the Master Password a secret. It is irresponsible to tell people otherwise to discourage use of a tool that will help keep them safe.
There is another point of failure. If you use the master passphrase "password" then you can be sure you will be hacked.