I read other posts, but none of them seemed to cover my main concern as password managers being a single point of failure.
What exactly is the difference of using **(A)** the same 25-long password for all my important logins (email, banks, personal documents), and **(B)**, a 25-long password as the master key to my password manager with different keys to my individual logins?
A malicious user would take the same amount of time to crack that 25-long password in my password manager and my bank account. In scenario A the attacker would crack the password and have access to my other logins (since they are all the same), and in scenario B the attacker would crack my password manager, therefore exposing all my other logins. So what exactly is the difference here?
I understand password managers help the general population in the sense of enforcing a stronger password. But if you already use a very strong password (i.e. 25 characters) for all your log-ins, I don’t really understand the difference to having a password manager, where I would use that same password as the master key, which technically leads to the same catastrophic scenario.
Help me understand.
In: 5
Also worth pointing out that some websites have different requirements for passwords.
My bank only allows 6 alphanumeric, my golf club is minimum 8, max 16 alphanumeric and selected symbols, countless other things.
So you end up with a bunch of different password everywhere simply because not all websites let you have the same 25 character strong password, and have to remember them all somehow. That’s where the security usually falls down – putting them in a notebook or a phone note or something.
Putting into a password manager keeps them available AND secure.
Latest Answers