> Create a single-point-of-failure for my entire digital-life? Thanks, I'll pass.

A password manager does not have to be a single point of failure. To lose access to my passwords, I'd have to lose my phone, tablet, two computers at home, and one at my office, as well as my offline backups.

> If you're smart enough to remember more than one song, you can probably build up several pass-phrases that are supremely easy to remember, nearly impossible to guess, and easier to type than some rando-group of characters

I have around 400 passwords. That's a lot to remember. Don't forget that not only would I have to remember 400 pass phrases, but I'd also have to remember which goes with which site. For sites that I have to enter passwords frequently, I could probably keep track, but there aren't actually many sites like that because of cookies.

To make 400 memorized pass phrases work, I'd have to maintain a file with a list of sites and pass phrase hints...and now that file is as much a point of failure as a password manager database would be. Those hints might help an attacker guess my pass phrases, so that hint file needs to be kept secure.

Wait...so now I'd essentially be using an improvised, half-assed pseudo password manager that has all the potential downsides of a password manager, but that doesn't actually remember the passwords for me! That is totally texas [1].

[1] https://news.ycombinator.com/item?id=10439977