[y4mi]

Using a password manager doesn't make you immune to having your credentials leaked if a sites database is breached...

[wavemode]

Uh... he never said it did? Just that yours would be the last hash to be cracked.

[y4mi]

then why would that password tresor user win, after his credentials were leaked by a database breach -- before other select people that weren't compromised but abstained from said software.

Its generally incomprehensible to me why some people don't want to use password tresors -- its so much easier after all - but his argument was flawed.

[wepple]

Because parent said there would be a competition for whose password is cracked last.

My 16 char fully randomized passwords will not be cracked, so I win, along with everyone else using a password manager?

[tambre]

What's a password tresor? Did you mean password manager? Wiktionary tells me it means "treasure" in Catalan and Old French.

[BlackLotus89]

Tresor means safe in german so maybe he is a german that substituted the z in trezor

[dcuthbertson]

It also means "storehouse", so he probably means password manager.

[seele]

I think he meant this: https://trezor.io/

And more specifically: https://trezor.io/passwords/

[y4mi]

I meant password manager/safe.

Sorry for that mix up.

[Ajedi32]

It actually does, provided the passwords aren't stored in plaintext.

Even something ridiculously weak like a SHA-1 hash isn't going to be cracked if the password is 16 characters long and completely random.

[ianseyer]

provided:

- the passwords aren't stored in plaintext or any other compromised hashing mechanism

- you autogenerated your password

- your password manager does not get compromised

saying "it actually does" is a bit of absolutist stretch...

[arghwhat]

Furthermore, none of this is a side-effect of using a password manager. It just makes doing so more convenient.

[aidenn0]

Within a margin of error, zero people can remember 20 16-character random alphanumeric passwords. Therefore it is only possible using some sort of password manager, whether it be something like 1password or an old-fashioned notebook.

[arghwhat]

You need to specify your margin of error. ± the full population of humans on Earth is "a margin of error".

I may be an outlier, but I certainly remember 10+ 20-25 character random full-printable-ASCII passwords, some of which don't let a password manager handle them, others which I don't want to have in a manager. And then there's my password manager master password, which is close to 70 characters long.

And I have shitty memory—I wouldn't be able to remember what happened more than a few days ago if my life depended on it.

[majewsky]

> Within a margin of error, [the value of a measure is] zero.

Nitpick: Zero does not have a magnitude, so "a margin of error" is not remotely well-defined here.

[aidenn0]

Nitpick nitpick: margin of error can be either absolute or relative.