Hacker News
by GrabbinD33ze69 1274 days ago
I don't understand why tech-savvy people are doubting the security of a pw manager with a strong master pw; this wasn't a failure caused by a flaw in the concept of a pw manager itself, but by a company's shitty implementation and design (I mean c'mon, certain fields were encrypted but others weren't, and they didn't make it super obvious?).
2 comments

To add to my comment, if one's response is to point out it's difficult to trust the company's opsec, handling of your data, etc., then use something like Bitwarden. If a fully open src online pw manager doesn't calm your nerves, self-host it.
People are...very confused if their reaction to this is "cloud password manager bad". If only well-encrypted data were leaked, it really wouldn't be a big deal.

A properly designed online password manager is an extremely safe choice.

Exactly... the relatively tech-savvy people I know who use this incident as some sort of vindication for their choice to not use a pw manager are the same people who either store passwords in plaintext electronically, or write them down but use passwords that have a weak keyspace and are under 10 chars. I'm pretty sure I read an article from a month ago wherein 4 RTX 4090s could chew through the hashes of 8 char passwords with a strong keyspace in a few days or hours.