Why are password managers considered good security practice when they provide a single entry for an attacker to get all of your credentials?

12 Answers

Anonymous 0 Comments

Because they prevent you from doing worse things, like using bad passwords because they’re easier for you to remember, reusing the same password for everything, or writing down your passwords.

Edit: for those asking, writing down your password is particularly dangerous in shared spaces (like corporate offices). Imagine a scenario where a school teacher, who has access to all of the students’ grades and personal information, has their password written on a sticky note on their monitor.

Anonymous 0 Comments

Have a look at this chart:

https://www.weforum.org/agenda/2021/12/passwords-safety-cybercrime/

One super-strong password on your password manager, and it’s next to impossible to crack with current technology.

Using a password manager and changing your passwords easily and regularly would be the answer.

It’s very rare for a password manager company to have a leak of details, because they would be more likely to have it under heavy encryption, unlike most websites where passwords are leaked from.

Since you would be using different strings of letters and numbers for passwords with a password manager, not the same one on every site, it makes it very secure, especially when there is more than one method used to enter your password manager.

Anonymous 0 Comments

If you use the same password everywhere, you have *a lot* of single entries rather than just one. If any poorly designed site gets hacked and your password is leaked, the attacker can access your other accounts, even on better-secured sites.

So in this case, a single point of entry is a good thing. It reduces your *attack surface*: the number of things that can go wrong. You only have to protect and remember one password, rather than one for every site.

Also, remember that there’s another single point of failure: email. If an attacker can access your email, they can “Forgot Password” the other sites you use. That’s why it’s especially important to keep your email password secure.

Anonymous 0 Comments

What are the chances that the average internet user can use a strong, completely unique password for every online account they create and remember all of them in their head? Literally zero.

People will instead either use the same password everywhere or write them down on notes next to their computer or in their notes app, all of which are *very* insecure.

A good password manager has a ton of advantages:

* It encrypts all your passwords using a master password and other forms of authentication (like fingerprint) so leaking all of them is very unlikely
* It has a built-in strong password generator
* It has browser autofill which validates the URL of the page you are on, so you won’t accidentally enter a password on a phishing site which resembles the real one
* Services which store your passwords in the cloud still don’t have access to them in plain text. The encryption key never leaves your device, so even if their databases get leaked your passwords won’t be exposed.

Overall, while keeping all your passwords in the same place does have some amount of risk, the advantages greatly outweigh it.
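An added illustration of the third bullet (the autofill URL check), not code from any reply or from any particular password manager: a strict origin match that refuses lookalike hosts, userinfo tricks and https-to-http downgrades. All URLs are constructed.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}


def origin_of(url):
    """Return (scheme, host, port) for an http(s) URL, or None if unusable.

    Userinfo is deliberately ignored: in 'https://bank.example@evil.test/'
    the host is evil.test, so a lookalike built that way does not match."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    try:
        port = parts.port or DEFAULT_PORTS[scheme]
    except ValueError:  # e.g. a non-numeric port
        return None
    return (scheme, parts.hostname.lower(), port)


def should_autofill(saved_url, page_url):
    """Decide whether a credential saved for saved_url may be filled on page_url.

    Policy (an assumption for this example): same host and port, and never
    fill an https credential into a plain-http page; a credential saved
    under http may be filled on the https version of the same host."""
    saved, page = origin_of(saved_url), origin_of(page_url)
    if saved is None or page is None:
        return False
    s_scheme, s_host, s_port = saved
    p_scheme, p_host, p_port = page
    if s_host != p_host:
        return False  # rejects accounts.example.com.evil.test and friends
    if s_scheme == p_scheme:
        return s_port == p_port
    return s_scheme == "http" and p_scheme == "https"  # upgrade only


if __name__ == "__main__":
    # Constructed cases: only the first should be filled.
    saved = "https://accounts.example.com/login"
    for page in ("https://accounts.example.com/auth?next=/",
                 "https://accounts.example.com.evil.test/login",
                 "https://accounts.example.com@evil.test/login",
                 "http://accounts.example.com/login",
                 "https://accounts.example.com:8443/login"):
        print(should_autofill(saved, page), page)
```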

Anonymous 0 Comments

Something I didn’t see mentioned by others is that you can use an arbitrarily long passphrase for your master password, which is easy to remember and very hard to break.

You can’t do that in a lot of places that require a password as each have very different sets of security rules, including not allowing passwords over a certain length or with certain special characters.

Anonymous 0 Comments

Best recommendations for a good free password manager? I need one after reading the replies.

Anonymous 0 Comments

Hackers usually work off of leaked information from specific sites.

It takes a lot more effort to send out viruses to get into other people’s computers to try to get directly into their password managers.

For every person that uses a password manager and multi-factor authentication there are probably 10 people whose password for some random website like a forum with no real security is the same as their email and bank accounts.

It’s just like thieves breaking into a house. They usually move on from houses with cameras and a locked door because in the time it takes them to break in and steal stuff they could go down the block and find a few houses that didn’t lock their door and steal twice as much stuff from those houses.

Anonymous 0 Comments

If you only have to remember one password, it’s far more likely that it’s going to be a few orders of magnitude more secure than the hundreds of passwords you need to make and remember for every stupid account you need to make across the whole Internet.

Anonymous 0 Comments

Before password managers, people were reusing passwords everywhere, and they were all short, often dictionary-based passwords like:

Sherbet77

This password is easy to brute force as it is based on a dictionary word. This plus its length makes it have low entropy, meaning it’s easier to crack.

More importantly though, if you used it for your Facebook you probably used it for your email too, and at that point people can get all your passwords via resets, even if they aren’t all the same or similar.

With a password manager you remember one password, which should be long but doesn’t need to be hard to type or remember.

xkcd’s “correct horse battery staple” is a good example of a password that is fairly good even though it is made of dictionary words and therefore easier to remember.

But more importantly, your access is usually secured with two-factor authentication, so you don’t just need to put in your password, you also need to type in a code or accept a prompt on your phone with your fingerprint to allow a device to access your passwords. That severely decreases the ways people can access your passwords.

And password managers are starting to go even further now. Risk assessments are made every time someone tries to log in, and that changes how the login is handled.

For example, a login might not be allowed over an insecure connection or from a foreign country without extra steps being taken to confirm it really is you wanting to access your passwords.
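An added worked example, not part of any reply: the entropy comparison the last answer makes between Sherbet77 and a passphrase such as “correct horse battery staple”, computed in Python, together with worst-case search times. The word-list sizes and the two guess rates (a fast hash versus a slow key-derivation function of the kind used to stretch a master password) are constructed assumptions, not measurements.

```python
import math

# Constructed guess rates for an offline attack on a leaked hash (assumptions):
# a fast unsalted hash versus a deliberately slow KDF such as a password
# manager applies to the master password.
FAST_HASH_GUESSES_PER_S = 1e10
SLOW_KDF_GUESSES_PER_S = 1e5
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(choices, count):
    """Bits of entropy in `count` independent picks, each uniform over `choices`."""
    return count * math.log2(choices)


def years_to_exhaust(bits, guesses_per_s):
    """Worst-case time to try every candidate in a space of 2**bits guesses."""
    return 2 ** bits / guesses_per_s / SECONDS_PER_YEAR


def password_models():
    """Entropy of the thread's examples under the pattern an attacker tries.

    Sherbet77: one word from an assumed 100,000-word list, optional initial
    capital, two digits. Counting the same string as nine random alphanumerics
    looks far stronger, which is why length alone is a poor measure."""
    return {
        "Sherbet77 (word + capital + 2 digits)":
            entropy_bits(100_000, 1) + entropy_bits(2, 1) + entropy_bits(10, 2),
        "Sherbet77 (naively, 9 random alphanumerics)": entropy_bits(62, 9),
        "correct horse battery staple (4 of 2048 words)": entropy_bits(2048, 4),
        "6-word passphrase from a 7776-word list": entropy_bits(7776, 6),
    }


def crack_time_table():
    """(name, bits, years at the fast hash, years at the slow KDF) per model."""
    return [(name, bits,
             years_to_exhaust(bits, FAST_HASH_GUESSES_PER_S),
             years_to_exhaust(bits, SLOW_KDF_GUESSES_PER_S))
            for name, bits in password_models().items()]


if __name__ == "__main__":
    for name, bits, fast, slow in crack_time_table():
        print(f"{name:48s} {bits:5.1f} bits  fast hash: {fast:9.3g} y"
              f"  slow KDF: {slow:9.3g} y")
```

The table shows the same 44-bit passphrase falling in under an hour against a fast hash but taking years against a slow KDF, which is why the master password's strength and the manager's key-stretching matter together.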