[Champagn3Papi]

Care to explain this a bit more?

Having decent password hygiene, password rotation, secure password generation and all of that available via browser, apps and commandline IS a no brainer to me.

From a security standpoint you could say they are storing and keeping your passwords all in 1 bucket, while that is true it is encrypted and can be changed / tracked way easier then you would be able to without it.

What's the alternative? Keeping those passwords in your brain and create variants on that password? Sticky notes with passwords?

What about a NEED to share passwords with team members securely? Do you send them over slack / imessage / whatsapp?

Next to that it also functions as a database of accounts where you can see where you have an account with a password that has potentially be leaked and for "known" big providers they forward you to the change password screen in an instant.

To me having a proper password management tool that warns you if any of your passwords get leaked is really worth the price they are asking. Without it a lot of best practices often get lost due to time constraints.

[jrm4]

Sure. A long time ago, I had a gut feeling that 3rd party password management across the board was a bad idea. Three parties having secrets is objectively worse than two. I quieted that notion in my head owing to "experts" giving bad ideas (like yours above.)

The fallouts are happening andI was right. Ledger, was it 1Password? Whoever.

"Hygiene" and "User experience" and whatnot are dangerous weaselly ideas used by "security" companies to convince themselves that what they're doing isn't inherently a bad idea.

"No brainer" should never be used because security is inherently hard. As we have fully seen, you can't "easy user experience" it away. It's difficult.

Right now - every old person that y'all make fun of with their passwords in a little notebook? They're doing better than most.

Now. I do believe there is room for companies. But with the following example I'm going to prove how absolutely full of crap most of these security companies are and it's REALLY simple.

Indemnify me.

I will pay for your product that saves passwords if you IDEMNIFY me. You can have 10? 30? bucks a month if and only if when I get breached you pay me $100,000.

No one's going to take this deal, proving that they're mostly worthless.