by geofft 2471 days ago
0. If the FBI/Mossad/etc. want my passwords, they can threaten to cut my toes off one by one and I'll just give them the passwords. So they're outside of my threat model.

1. All my important stuff has two-factor auth, so a malicious password manager company couldn't get in anyway.

2. If you're using one of the major vendors with a reputation and a paid service, that produces a fairly strong incentive for them to not be intentionally malicious - if they were caught distributing an update that made it possible for the companies to see your passwords, nobody would ever use them.

(All the major password managers do client-side encryption; they don't store plaintext passwords themselves. They do distribute the client that lets you decrypt passwords, but that's it.)

So that leaves accidental risk (bad crypto, hijacked update chain, client-side vulnerabilities). Out of the options, I'm comfortable with the track record of 1Password in particular.

I'm very interested in open-source options, but the major ones are all proprietary and the open-source ones are all volunteer-driven and I think the risk tradeoff is wrong. It's not a decision I feel 100% comfortable about but between the options of proprietary-but-professionally-maintained and open-source-but-hobbyist-maintained the former seems vaguely preferable for security-sensitive software, especially given that one of my requirements is I want to use a password manager extension.

Shameless plug, I have a personal digital security podcast and we took a look at various password managers and their security track records recently: https://looseleafsecurity.com/episodes/password-manager-secu...