by oefrha 1025 days ago
LastPass was founded in 2008, and an 8-character master password was clearly inadvisable back then, as it was already in the nation-state-can-crack-it territory, and computing power was rising rapidly.

I started using 1Password in ~2010, not long after the founding of LastPass, and my first master password was 30+ characters, 90+ bits of entropy. After a few years I upgraded to 50+ characters, 140+ bits of entropy. Good luck cracking that even if only one round of PBKDF2 is used.

But I suppose you have a fairly loose definition of "security-minded".

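A constructed cost model (added here, not code from the thread or from any password manager) that puts numbers on the comment above: how entropy bits, rather than character count, set the keyspace, and how the PBKDF2 iteration count multiplies an offline attacker's work on a leaked vault. The 10^12 hashes/second rate, the 100,000-iteration setting and the word-list sizes are assumed illustrative values.

```python
import math

# Added example: offline guessing cost against a leaked vault.
# Assumed values: 1e12 raw hash evaluations/s for the attacker, an
# illustrative 100,000 PBKDF2 rounds, and a 7776-word passphrase list.

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of `length` uniformly random symbols from an alphabet of
    `alphabet_size` symbols (95 = printable ASCII)."""
    return length * math.log2(alphabet_size)


def passphrase_entropy_bits(words: int, wordlist_size: int) -> float:
    """Entropy of a passphrase of `words` random words. Entropy counts random
    choices, not characters, which is why 30+ characters can be 'only' 90+ bits."""
    return words * math.log2(wordlist_size)


def expected_years_to_crack(bits: float, hashes_per_second: float,
                            pbkdf2_iterations: int) -> float:
    """Expected time to hit the password: half the keyspace on average, with
    `pbkdf2_iterations` hash evaluations paid per guess. Iterations scale the
    cost linearly; each extra bit of entropy doubles it."""
    expected_guesses = 2.0 ** (bits - 1)
    guesses_per_second = hashes_per_second / pbkdf2_iterations
    return expected_guesses / guesses_per_second / SECONDS_PER_YEAR


def compare_policies(hashes_per_second: float = 1e12) -> dict:
    """Crack-time estimates for three constructed master-password shapes at one
    PBKDF2 round and at the assumed 100,000 rounds."""
    shapes = {
        "8 random printable-ASCII chars": entropy_bits(8, 95),
        "7 random words, 7776-word list (~30 chars)": passphrase_entropy_bits(7, 7776),
        "11 random words, 7776-word list (~50 chars)": passphrase_entropy_bits(11, 7776),
    }
    return {
        name: {
            "bits": round(bits, 1),
            "years_at_1_round": expected_years_to_crack(bits, hashes_per_second, 1),
            "years_at_100k_rounds": expected_years_to_crack(bits, hashes_per_second, 100_000),
        }
        for name, bits in shapes.items()
    }


if __name__ == "__main__":
    for name, row in compare_policies().items():
        print(f"{name}: {row['bits']} bits, {row['years_at_1_round']:.3g} yr "
              f"at 1 round, {row['years_at_100k_rounds']:.3g} yr at 100k rounds")
```

The 8-character row falls to hours at a single round, while the 90-bit passphrase is already out of reach regardless of the round count, which is the comparison the comment is making.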

One malicious JS script being inserted on the page where you enter your master password.

One supply chain attack.

One upstream dependency.

One contractor clicking one wrong button in an office document.

Your entire digital life compromised, in that one click.

I totally agree that password managers lead to bad security practices. Yeah, you're a mad dog for easily generating different complex passwords for every website, but at the same time you paint a massive target on your head by being part of the honey-hole.

Based on history, if you store a password in an obfuscated location on your computer, and you copy and paste it into every website, it's more secure than using a password manager in my opinion. Sure you won't be able to log in to every secure website from every device you have; but SHOULD you be? What is the price of that convenience?

I don't know how your comment is in any way related to mine, as I was responding to the claim that 8-character master passwords were considered safe <some time in or after 2008>. TFA also doesn't mention any evidence of keylogging.