by jmclnx 1094 days ago
I do not understand why people need to use these things, maybe they make it easier and more secure for Cell Phones? I never use my Cell Phone for anything Finance or Medical Related.

But for me, I keep an encrypted text file and get the passwords by using emacs or vim. I generate passwords using:

tr -cd "[:alnum:]" < /dev/urandom | fold -w 16 | sed 10q

and with the result I may replace 1 character with what they call a "special character". To me that avoids a lot of worry.

6 comments

> I never use my cell phone for anything finance or medical related

Do you realize that 99.99% of the population in the world, including maybe 99% of the people here, don't do that? Similar to those comments that say "I don't use a cell phone", sorry what is your point? You realize that your very unique way of living and your life experience don't apply to others, and your comment is meaningful to just about nobody but you? Do you actually expect people to read your comment from there?

Just chiming in to say a text file encrypted with vi storing passwords is a heck of a lot more common than you seem to think. I know at least one team who use this method and there is a reasonable chance you’re interacting with some of their infrastructure secured by this method right now.

It’s about as secure as anything (esp after the swap file issue was resolved).

I’m not sure what your definition of common is but I can say that this way of storing passwords isn’t.
Yes it is
Your position implies a lot of specific knowledge about technologies and how they work. It hardly fits with the definition of "common".
What's with these comments who can't possibly conceive why a certain product is popular and in use. Convenience, sharing, application integration, recovery, 2FA, passkey, SSH agent integration, the list goes on. LastPass is kind of bad considering their avoidable security snafus, but there are more reputable vendors out there.

Yes, you can roll your own, but that's not a scalable solution if you're an org or have requirements that lay outside using a Textfile.

Agreed. I've used vim for decades, and also use a password manager. I have a laptop and phone, and routinely use multiple web browsers. I want to sync encrypted passwords across devices, and auto fill in when I visit a website... and websites infuriatingly vary.

1Password and Bitwarden help with this. Your use case might be different and that's fine.

"People" don't know what Emacs, vim, tr or urandom are for any reasonable definition of "people".

I work for a company that makes a password manager, and at least one clear benefit, versus copy/pasting from somewhere, even for tech-savvy users is phishing resistance (the password manager browser extension should not fill your password on a website which doesn't match the website associated with that credential), which is how passwords get stolen in practice when they are not reused (not re-using is the main benefit of a PM, but your home-made system does solve that issue too).

There are other benefits more on the convenience side (mobile as you mentioned and even not having to switch apps each time you need to grab a password...) which matter more for most people than security (or so they believe at least).
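
The origin check described in the comment above, sketched as an added example that is not part of the thread and not any vendor's code. The function name `canAutofill`, its `allowSubdomains` option and every URL are assumptions constructed for illustration; a real extension would also consult the Public Suffix List.

```javascript
// Added illustration: canAutofill and all sample URLs are hypothetical.
function canAutofill(savedUrl, pageUrl, { allowSubdomains = false } = {}) {
  let saved, page;
  try {
    saved = new URL(savedUrl);
    page = new URL(pageUrl);
  } catch {
    return false; // unparsable URL: never fill
  }
  // Only fill into HTTPS pages, and only credentials saved for HTTPS.
  if (saved.protocol !== "https:" || page.protocol !== "https:") return false;
  if (saved.port !== page.port) return false;
  // URL() lowercases the host and converts IDN labels to punycode, so a
  // homoglyph lookalike ends up as a different string.
  if (page.hostname === saved.hostname) return true;
  // Optional: true subdomains only; the leading dot enforces a label boundary.
  return allowSubdomains && page.hostname.endsWith("." + saved.hostname);
}

// Constructed sample: one saved login and the pages a user might land on.
const SAVED = "https://accounts.example.com/login";
const PAGES = [
  "https://accounts.example.com/signin?next=%2F",   // same host, other path
  "https://ACCOUNTS.example.com:443/login",         // case and default port
  "https://accounts.example.com.login.test/login",  // saved host as a prefix
  "https://accounts-example.com/login",             // hyphen lookalike
  "https://login.test/accounts.example.com/login",  // saved host in the path
  "http://accounts.example.com/login",              // downgraded scheme
  "https://accounts.ex\u0430mple.com/login",        // Cyrillic "a" homoglyph
];

// One fill/refuse decision per sample page, in order.
function fillDecisions() {
  return PAGES.map((p) => canAutofill(SAVED, p));
}

for (const p of PAGES) {
  console.log(canAutofill(SAVED, p) ? "fill  " : "refuse", new URL(p).href);
}
```

Only the first two pages are filled; a person copy/pasting from a text file has to make the same comparison by eye.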

You genuinely can't picture a world where people don't want to use emacs/vim to sign up for a website?
It's probably safe to say that 99% of people using this sort of password manager don't know what emacs and vim are, and additionally use their cell phone for most of their online computing.

If you look at it from the opposite perspective the value is clear - this isn't a tool for people who can generate and store their own passwords, it's a tool for people who got their Facebook hacked because they used the same password for everything for years and hey, this app can help avoid that mom, let me show you how.

My bank has gimped the web interface of banking services.

Similarly government services gimp the web interface of tax, medical, etc. and try to push you onto mobile apps.

I can't fight this trend. Good for you that you can opt out of this nonsense.