by david-cako 3101 days ago
Somewhat true.

I use abbreviations of several different long sentences with random characters added in random positions.

To me this is far more secure than trusting a single authoritative source with 10 different random character strings that I have no real ownership of, and can all easily be stolen (or lost) at once.


I have at least 50 different passwords in my 1Password account

And 1Password supports syncing via services other than their own and each device acts as its own backup too, so you’re really only relying on their service to shuttle around an encrypted keystore to your new devices.

Ok, but the core of the argument to me is "Is having a bunch of passwords that you don't actually know all in one place more secure than having a smaller bunch of passwords that you do actually know that, still, can at most be leaked one at a time?"

For me the answer is no. I would rather have fewer technically less secure passwords than have technically more secure passwords that all live in one place. My passwords live "nowhere". There is no database breach, or peek over the shoulder that could ever compromise my entire wellbeing.

I also use 2fa wherever possible.

>Is having a bunch of passwords that you don't actually know all in one place more secure than having a smaller bunch of passwords that you do actually know that, still, can at most be leaked one at a time?

It’s been repeatedly demonstrated that yes, it is.

>It's been repeatedly demonstrated

Meaning you have consulted a sea of research that has compared the risk posed by password managers to keeping a mental catalogue of long, not-random-but-pretty-good character strings, using 2fa, and exercising proper security habits?

I don't think you could ever come to an objective conclusion, since the 99%-user doesn't have a near-autistic obsession with security like most of us.

I don’t have an obsession with security; it’s just so easy and cheap that I don’t get why you wouldn’t do it (the people with an obsession with security probably don’t even trust 1Password to sync that encrypted file anyway).

My mom, who is as far removed from tech as you can get, understands why not sharing passwords might be a good idea when one can get hacked and set off a domino effect.

And your comparison is a straw man; the real comparison is trying to remember 50 random passwords versus using a password manager, because there is a sea of research showing that good passwords should be truly high entropy and random.

Using a password manager doesn’t stop you from using 2fa like your comparison is worded to imply.

The answer is yes. For the large majority of users, the only thing that matters is that you never reuse your passwords. Since human beings cannot feasibly remember unique passwords for each service, password managers win.
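As an added illustration of the two points argued above (that manager-generated passwords are uniformly random and high entropy, and that reuse across sites is the real risk), here is example code that is not part of the thread: it generates a password the way a manager would, computes its entropy and brute-force cost, and flags reuse in a constructed sample vault. The site names and passwords in the vault are made up for the example.

```python
import math
import secrets
import string

# Alphabet a password manager typically draws from: printable ASCII minus space (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=20, alphabet=ALPHABET):
    """Random password from the OS CSPRNG: each character is independent and uniform."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password of this length: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits, guesses_per_second=1e10):
    """Years needed to enumerate the whole keyspace at an assumed offline guessing rate."""
    return (2 ** bits) / guesses_per_second / (365 * 24 * 3600)


def find_reused_passwords(vault):
    """Return {password: [sites]} for every password that appears on more than one site.

    This is the check a user of memorised passwords cannot easily run, and the one a
    manager runs for you: a single breach should never unlock a second account.
    """
    by_password = {}
    for site, password in vault.items():
        by_password.setdefault(password, []).append(site)
    return {pw: sites for pw, sites in by_password.items() if len(sites) > 1}


# Constructed sample vault (hypothetical sites and credentials, not real data).
SAMPLE_VAULT = {
    "bank.example": "Tcs;a,wotm7$",  # abbreviation-style memorable password
    "mail.example": "Tcs;a,wotm7$",  # ...reused on a second site
    "shop.example": generate_password(20),  # manager-generated, unique
}

if __name__ == "__main__":
    for length in (8, 12, 20):
        bits = random_entropy_bits(length)
        print(f"{length} random chars: {bits:.1f} bits, ~{years_to_exhaust(bits):.3g} years at 1e10 guesses/s")
    print("reused:", find_reused_passwords(SAMPLE_VAULT))
```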