Serious question, can somebody explain to me the benefits of a PW manager? Why would I trade the risk that any one of my online accounts gets hacked for the risk that every single one of them gets hacked through the PW manager? What am I missing?

A good password manager (1Password) will have security practices that make the risk of this happening effectively 0%. Even if someone were to access your vault, they wouldn't have your public key or PW needed to actually decrypt it (and crucially 1Password does not retain this information).
Without a password manager to have long, random, unguessable passwords, people tend to use the same or similar passwords for many different services. If one website gets hacked then it often provides access to lots of other ones.
Thanks. That's interesting and I trust that you're correct, but I feel like that's the same line I get from every company that asks for my personal data, and then six months later I get the obligatory "sorry, your account was hacked and all your personal data including DOB and SSN are on the dark web, we'll be glad to monitor your credit for six weeks for free to make it up to you" letter. IMO there need to be much stiffer penalties for businesses that allow this stuff to happen.
The big difference being those companies' business isn't securing your data (they do the bare minimum to comply with whatever standards they're supposed to), whereas these password managers have everything on the line if they fuck it up (see: LastPass breach, which was bad but not world ending since people had time to change master passwords to mitigate any risk, but it cost them all of their reputation).