I read other posts, but none of them seemed to cover my main concern as password managers being a single point of failure.
What exactly is the difference of using **(A)** the same 25-long password for all my important logins (email, banks, personal documents), and **(B)**, a 25-long password as the master key to my password manager with different keys to my individual logins?
A malicious user would take the same amount of time to crack that 25-long password in my password manager and my bank account. In scenario A the attacker would crack the password and have access to my other logins (since they are all the same), and in scenario B the attacker would crack my password manager, therefore exposing all my other logins. So what exactly is the difference here?
I understand password managers help the general population in the sense of enforcing a stronger password. But if you already use a very strong password (i.e. 25 characters) for all your log-ins, I don’t really understand the difference to having a password manager, where I would use that same password as the master key, which technically leads to the same catastrophic scenario.
Help me understand.
In: 5
I use a password manager, and have something like 250 passwords, from forums to shopping sites to multiple financial institutions.
The security comes from different passwords for each site.
The security of your bank vs your model train hobby forum are very very different. And thats picking a low ball. Look at breach lists and you will find 100s of sites that you would treat as trustworthy and should have security under control and get breached.
They all also have different complexity options, sometimes 6 chars sometimes 20.
Latest Answers