I read other posts, but none of them seemed to cover my main concern as password managers being a single point of failure.
What exactly is the difference of using **(A)** the same 25-long password for all my important logins (email, banks, personal documents), and **(B)**, a 25-long password as the master key to my password manager with different keys to my individual logins?
A malicious user would take the same amount of time to crack that 25-long password in my password manager and my bank account. In scenario A the attacker would crack the password and have access to my other logins (since they are all the same), and in scenario B the attacker would crack my password manager, therefore exposing all my other logins. So what exactly is the difference here?
I understand password managers help the general population in the sense of enforcing a stronger password. But if you already use a very strong password (i.e. 25 characters) for all your log-ins, I don’t really understand the difference to having a password manager, where I would use that same password as the master key, which technically leads to the same catastrophic scenario.
Help me understand.
In: 5
The thing is that you are supposed to not just have one strong password, but a different strong password for each account.
If you reuse the same password across multiple sites, it only takes one site to be compromised to have all your accounts across all sites endangered.
The password manager is supposed to help you have individual passwords for each site, which would otherwise be hard to memorize.
The password manager either stores your password locally or in the cloud in an encrypted form, so it tends to be relatively safe if done right.
The chief danger password mangers are supposed to protect against is that if a website gets hacked and they now have your email and the password (or a hash of the password) you used on this site and can try it everywhere else.
Latest Answers