dr_st wrote: The way I see it, you either have one place where you store it (and then it always has to be with you, and there is a risk of data loss / theft)
Uh, password theft from physical attackers is a risk no matter what you do with your passwords. If you're one of the people who type and remember your passwords, that's what keyloggers are for.
dr_st wrote: The way I see it, you either have one place where you store it
You don't ever store important data in just one place.
dr_st wrote: or you have multiple storage spots, where you have to constantly synchronize between them.
Alternatively, you don't create new accounts constantly. Why are you creating new accounts constantly?
Also when you do, are they really too important to lose? Can't be retrieved via forgotten password if worst comes to worst. This is talking about if you're synchronizing for backup purposes.
If you're synchronizing passwords because you need them on multiple devices, are you really constantly creating new accounts that you need access to on multiple devices?
It's about 6 months since I had to synchronize my passwords.
Jade Falcon wrote: dr_st wrote: ZellSF wrote: Not telling people your password pattern is not and never was best practice. Not having a password pattern is best practice. That requires a password manager. Use an offline one if you don't trust the cloud.
That's not much different than using the same password everywhere. I only need to make a worm with a key logger and snatch up your password manager password. If you remember your passwords you'd likely find the worm before you give it everything.
You do know what keyloggers do to people who DON'T use password managers, right?
No, they wouldn't magically find the worm before they logged into important accounts; they would lose the important accounts without any specific targeting, while against a password manager you'd have to actually program your worm to copy the password manager database.
Jade Falcon wrote:
A well made manager is great in many ways but fundamentally bad in just as many. The only thing you're protected from is someone at a computer trying to guess your password to Facebook or something. If they get any local access you're screwed.
Uh, fucking duh? If a determined attacker has physical access you're ALWAYS screwed. As mentioned above, that's really not an argument against password managers though.
You say you're "only" protecting against someone trying to guess your Facebook password. That's really the main threat to your account security; hackers are constantly trying to "guess" your password by using patterns they establish from looking at your previous passwords, or just, you know, actually using your previous passwords, because everyone who "remembers" their password is guilty of some level of reuse.
Of course they aren't trying to get into your Facebook account, but any account that holds money or anything that can be traded for money.
They'll also be employing phishing attacks, which password managers offer some very minimal protection from.
Sorry, your argument against password managers here is laughable. You're not trying to protect against people who already have entirely compromised your computer. That's not a doable thing. You're trying to protect against internet hackers who are just trying to breach your account. Which is doable, and password managers are the best way of doing it.
Jade Falcon wrote:
Any form of security with a single point of failure is just asking for trouble.
Guess what human memory is? A single point of failure. I've talked to enough people that lost critical accounts. The people who've written down their passwords (a primitive password manager)? Not among them.
Jade Falcon wrote: I'm not recommending them to anyone that can use unique passwords.
So you would recommend them to everyone?
I've yet to meet a human who's told me they can remember unique secure passwords for everything. There's always a pattern, a weakness to be exploited.
Jade Falcon wrote: Also one major problem I have with managers is people that forget how to use them. Someone set my grandmother up with Apple's Keychain, she forgot the Keychain password, which meant she could not log into anything.
A problem very easily solvable with very very minimal education.
Yes I know teaching users anything is hard, but educating them to deal with this is easy compared to the mess you have to teach them without password managers.
Though in that particular case you wouldn't want to educate her, but set up her system properly for her in the first place (make her type her password each time she starts her computer for example).