I read other posts, but none of them seemed to cover my main concern as password managers being a single point of failure.
What exactly is the difference of using **(A)** the same 25-long password for all my important logins (email, banks, personal documents), and **(B)**, a 25-long password as the master key to my password manager with different keys to my individual logins?
A malicious user would take the same amount of time to crack that 25-long password in my password manager and my bank account. In scenario A the attacker would crack the password and have access to my other logins (since they are all the same), and in scenario B the attacker would crack my password manager, therefore exposing all my other logins. So what exactly is the difference here?
I understand password managers help the general population in the sense of enforcing a stronger password. But if you already use a very strong password (i.e. 25 characters) for all your log-ins, I don’t really understand the difference to having a password manager, where I would use that same password as the master key, which technically leads to the same catastrophic scenario.
Help me understand.
In: 5
> my main concern as password managers being a single point of failure
A thief getting and cracking your password database is unlikely, a low risk.
The risk of you using weak passwords, or re-using passwords, or not using 2FA, or simply forgetting a password, if you don’t use a password manager, is high.
> if you already use a very strong password (i.e. 25 characters) for all your log-ins
You’re using the **same** strong password for all sites ? That’s a terrible practice.
You have a different 25-char password for each site ? I have well over 100 accounts, no way I could remember all those passwords.
Latest Answers