I read other posts, but none of them seemed to cover my main concern as password managers being a single point of failure.
What exactly is the difference of using **(A)** the same 25-long password for all my important logins (email, banks, personal documents), and **(B)**, a 25-long password as the master key to my password manager with different keys to my individual logins?
A malicious user would take the same amount of time to crack that 25-long password in my password manager and my bank account. In scenario A the attacker would crack the password and have access to my other logins (since they are all the same), and in scenario B the attacker would crack my password manager, therefore exposing all my other logins. So what exactly is the difference here?
I understand password managers help the general population in the sense of enforcing a stronger password. But if you already use a very strong password (i.e. 25 characters) for all your log-ins, I don’t really understand the difference to having a password manager, where I would use that same password as the master key, which technically leads to the same catastrophic scenario.
Help me understand.
In: 5
If your password is long enough that you can remember it: Not secure (or you are one insane superhuman.
If your account uses an algorythm to be created .. e.g. your name + phonenumber+first 5 letters of the Service: NOT secure.
If your password is used at more than one service: NOT secure, because that site could have been compromised.
best security ? md5-hash sized passwordlength (32 characters) using all possible letters in the UTF8-Alphabet.
> my main concern as password managers being a single point of failure
A thief getting and cracking your password database is unlikely, a low risk.
The risk of you using weak passwords, or re-using passwords, or not using 2FA, or simply forgetting a password, if you don’t use a password manager, is high.
> if you already use a very strong password (i.e. 25 characters) for all your log-ins
You’re using the **same** strong password for all sites ? That’s a terrible practice.
You have a different 25-char password for each site ? I have well over 100 accounts, no way I could remember all those passwords.
Do you trust every website that you use your strong password for? There are lots of sites that still store passwords insecurely. It’s possible that these sites could be hacked and then your password that you use for important things like banking is now in the open.
A password manager uses a different password for each site, meaning if one gets leaked through a hack, then only that one site is vulnerable.
Latest Answers