Why are password managers considered good security practice when they provide a single entry for an attacker to get all of your credentials?

38 Answers

Anonymous 0 Comments

Generally, because the idea of following good security practices on all of your passwords is pretty unrealistic. It would work if you randomized your passwords, they were unrelated to each other, followed rules about using strong passwords, and enabled 2FA on every single site.

The thing is, no one is going to go through all that. So the thinking is that one extremely safe password with all the best practices is better than having many poor passwords with any of them possibly being a point of failure if you duplicate login credentials.

But to your point, the downside is a single point of failure. You risk literally everything and if that ever gets breached, you’re entirely screwed. The bet is that that’s less likely to happen than for your assortment of weak passwords to cause a house of cards.

IMO, password managers are over-pushed as a magic bullet to all password problems, when, realistically, it’s not really that simple. You’re just changing from lots of small risks on lots of things vs going all in on one thing.

But it’s a lot easier to say “use a password manager” than something like “use unique passwords, come up with a system to remember them that wouldn’t make sense to anyone else” or “share a common password across sites you don’t care about, but use unique passwords to each account of value (email, banks, etc)”.
