Why are password managers considered good security practice when they provide a single entry for an attacker to get all of your credentials?

38 Answers

Anonymous 0 Comments

Because password managers store their passwords behind pretty sturdy encryption, and they require a master password that you can usually more easily remember and keep complex without too much issue.

Then when they go to do inputs and auto-fills they can sanitize the inputs in such a way that keyloggers can’t just skim their input easily.

They also do things like prompt you to change passwords to something new with different capitalization, symbols, numbers, etc., so that it’s easier to practice good data security by keeping your passwords unique to each service.

Now, they do create a single point of failure, but that point of failure is pretty sturdy as I’ve stated. It also typically requires you to have someone getting access to the system in question in person rather than remotely.

Anonymous 0 Comments

So first of all, a lot of people reuse their passwords for other stuff, so if a hacker can get hold of one, they can usually get access to many more accounts. You’ll be surprised at how poor people’s passwords are and how many times they reuse them. A password manager is a way to have unique passwords that are hard to crack using brute force methods, and even if one is cracked, your other accounts for various stuff aren’t compromised.

Second, a password manager is encrypted and can only be unlocked by using a master password, and there is two factor authentication, and even then if I log into my password manager on a new device, I have to confirm and give access on another approved device.

And third, as far as I know most password managers don’t store your password directly; they store them in an encrypted state that your master password can decrypt. I suppose if someone could reverse engineer the encryption then they could get your passwords, but a lot of research is done to make sure the encryption is tight.

So while a password manager is a single point of entry, it’s like having a big fortified castle: sure, if attackers could conquer the castle it would be huge, but it is insanely hard and requires many resources, so they would rather use their time and resources trying to conquer the small village.

Anonymous 0 Comments

You definitely should use multiple factors for accessing your password manager. Combine at least 2 out of the 3: something you *know* (memorized strong password/phrase), something you *have* (YubiKey, USB drive with keyfile) and something you *are* (fingerprint or other biometrics).
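The answers above describe the mechanism in words: the vault on disk is ciphertext, the master password (optionally combined with a keyfile as the "something you have" factor) is stretched through a slow key derivation function, and nothing in the file is usable without it. The following is an added illustration of that design, written for this page; it is not the code of any real password manager. It uses only the Python standard library, so the cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag rather than the AES-GCM or ChaCha20-Poly1305 a shipping product would use, and the scrypt parameters, function names and sample entries are all constructed for the example.

```python
# Illustrative password-vault core (stdlib only). Constructed example; not the
# code of any real password manager. Real products use a vetted AEAD such as
# AES-GCM or ChaCha20-Poly1305 and tuned Argon2/scrypt parameters.
import hashlib
import hmac
import json
import os
from typing import Optional, Tuple

# Work factor for the master-password KDF (assumed values, kept low so the
# example runs quickly; production settings are higher).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def derive_keys(master_password: str, salt: bytes, keyfile: bytes = b"") -> Tuple[bytes, bytes]:
    """Stretch the master password (plus an optional keyfile, the 'something
    you have' factor) into a 32-byte encryption key and a 32-byte MAC key.
    The salt is stored in the clear with the vault; it prevents one precomputed
    table from attacking every user's vault at once, and scrypt's memory cost
    makes each master-password guess expensive."""
    secret = master_password.encode("utf-8")
    if keyfile:
        # Mix the keyfile in by hashing it, so a stolen vault plus the correct
        # master password still fails to open without the keyfile.
        secret += hashlib.sha256(keyfile).digest()
    material = hashlib.scrypt(secret, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                              p=SCRYPT_P, dklen=64)
    return material[:32], material[32:]


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 run in counter mode as a pseudorandom keystream.
    Illustrative construction only; real vaults use a standard cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_vault(master_password: str, entries: dict, keyfile: bytes = b"") -> dict:
    """Produce the on-disk vault blob. Nothing in it is usable without the
    master password: the salt and nonce are public by design, and the tag
    (encrypt-then-MAC) lets decryption detect wrong passwords and tampering."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(master_password, salt, keyfile)
    plaintext = json.dumps(entries, sort_keys=True).encode("utf-8")
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt.hex(), "nonce": nonce.hex(),
            "ct": ciphertext.hex(), "tag": tag.hex()}


def decrypt_vault(master_password: str, blob: dict, keyfile: bytes = b"") -> Optional[dict]:
    """Return the entries, or None if the master password/keyfile is wrong or
    the blob was modified. The MAC is checked before any decryption happens."""
    salt, nonce = bytes.fromhex(blob["salt"]), bytes.fromhex(blob["nonce"])
    ciphertext, tag = bytes.fromhex(blob["ct"]), bytes.fromhex(blob["tag"])
    enc_key, mac_key = derive_keys(master_password, salt, keyfile)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    plaintext = _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))
    return json.loads(plaintext.decode("utf-8"))


def vault_exposes_secret(blob: dict, secret: str) -> bool:
    """True if a stored secret appears verbatim anywhere in the on-disk blob."""
    return secret in json.dumps(blob)


if __name__ == "__main__":
    # Constructed sample entries; the values are placeholders, not real credentials.
    entries = {"mail.example": "Tz7!kq-Wm2xP-9rLs",
               "bank.example": "correct horse battery staple"}
    blob = encrypt_vault("my long master passphrase", entries)
    print("round trip ok:", decrypt_vault("my long master passphrase", blob) == entries)
    print("wrong password yields:", decrypt_vault("guess1", blob))
    print("secret visible in vault file:",
          vault_exposes_secret(blob, entries["mail.example"]))
```

The point the castle analogy makes shows up in the last two prints: someone who copies the vault file has the salt, nonce and ciphertext but none of the stored passwords, and every master-password guess costs a full scrypt derivation, which is what turns "one file to steal" into "one expensive offline attack that also needs the keyfile".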

Anonymous 0 Comments

Because the alternative would be to use the very same master password online instead of on an offline application (yes, there are synced password managers but the ones that do their job correctly decrypt their database locally). And online here means multiple systems not managed by the same person, potentially with unsafe technologies (no salting, old hashing if any, etc.).

Anonymous 0 Comments

It enables you to have a different password for every single login, and not care how complicated or long those passwords are. Those online logins are _far_ more likely to be attacked than something running on your machine (the password manager) so you’re already winning.

That’s not to say the password manager is defenceless in the first place, though. In the case of online ones like 1Password, they actually have good protections in place to ensure it’s really you logging in, like a long complicated “key” (just a second password, really).

100% offline managers are obviously less prone to attack though, and come with offline secondary keys too. Check out KeePassXC, for example.

Anonymous 0 Comments

So my password manager is through Bitdefender, and I love it. I have to remember 2 passwords for the program. It generates unique and difficult passwords for my accounts. I have it on my phone, my computer, and tablet and it’s all synced. When I create a new account, I input the information for that website, have it generate a password and save it. It uses Face ID on my phone. No password guessing, no multiple variations of the same password. If for some reason I need to type the actual password, I can view it.

It simplifies and secures something that has become difficult to manage. Every website/service has you create an account, and you can’t use the same password because of hackers. It’s unrealistic to memorize a hundred different passwords. Having a secure password manager makes the most sense.

Anonymous 0 Comments

One thing people also forget is that for most things you already have a single entry for an attacker: your e-mail.

Anonymous 0 Comments

Apart from the obvious use of not having a notepad with all your passwords unencrypted, it provides a secure place to access them; the IT guys can unlock it for you when you forget your one password after password change day, and you don’t have to reset all of them.

Anonymous 0 Comments

Hmm, the most secure password manager I have is this little book with all my passwords in it. And to make it even better, it’s stored at my home and at another safe location, and the latter one gets regularly updated.

Anonymous 0 Comments

Because if you have one strong password that’s over 16 characters, it will take billions of years to break it.

Compared to 100 variations of myDogsName123 which takes about a few days to crack.