Because password managers store their passwords behind pretty sturdy encryption, and they require a master password that you can usually more easily remember and keep complex without too much issue.
Then when they go to do inputs and auto-fills they can sanitize the inputs in such a way that keyloggers can’t just skim their input easily.
They also do things like prompt you to change passwords to something new with different capitalization, symbols, numbers, etc., so that it’s easier to practice good data security by keeping your passwords unique to each service.
Now, they do create a single point of failure, but that point of failure is pretty sturdy as I’ve stated. It also typically requires you to have someone getting access to the system in question in person rather than remotely.
So first of all, a lot of people reuse their passwords for other stuff, so if a hacker can get hold of one, they can usually get access to many more accounts. You’ll be surprised at how poor and how many times people reuse passwords. A password manager is a way to have unique passwords that are hard to crack using brute force methods, and even if one is cracked, your other accounts for various stuff aren’t compromised.
Second, a password manager is encrypted and can only be unlocked by using a master password, and there is two-factor authentication, and even then, if I log into my password manager on a new device, I have to confirm and give access on another approved device.
And third, as far as I know, most password managers don’t store your password directly; they store them in an encrypted state that your master password can decrypt. I suppose if someone could reverse engineer the encryption then they could get your passwords, but a lot of research is done to make sure the encryption is tight.
So while a password manager is a single point of entry, it’s like having a big fortified castle: sure, if attackers could conquer the castle it would be huge, but it is insanely hard and requires many resources, so they would rather use their time and resources trying to conquer the small village.
Because the alternative would be to use the very same master password online instead of on an offline application (yes, there are synced password managers but the ones that do their job correctly decrypt their database locally). And online here means multiple systems not managed by the same person, potentially with unsafe technologies (no salting, old hashing if any, etc.).
It enables you to have a different password for every single login, and not care how complicated or long those passwords are. Those online logins are _far_ more likely to be attacked than something running on your machine (the password manager) so you’re already winning.
That’s not to say the password manager is defenceless in the first place, though. In the case of online ones like 1Password, they actually have good protections in place to ensure it’s really you logging in, like a long complicated “key” (just a second password, really).
100% offline managers are obviously less prone to attack though, and come with offline secondary keys too. Check out KeePassXC, for example.
So my password manager is through Bitdefender, and I love it. I have to remember 2 passwords for the program. It generates unique and difficult passwords for my accounts. I have it on my phone, my computer, and tablet and it’s all synced. When I create a new account, I input the information for that website, have it generate a password and save it. It uses Face ID on my phone. No password guessing, no multiple variations of the same password. If for some reason I need to type the actual password, I can view it.
It simplifies and secures something that has become difficult to manage. Every website/service has you create an account, and you can’t use the same password because of hackers. It’s unrealistic to memorize a hundred different passwords. Having a secure password manager makes the most sense.