Good luck trying to convince anyone who is not already using it. I've tried super hard to get my friends and family to use a password manager but they brush it off as a joke. Even when they lose their account it doesn't seem to bother them. They just create a new one. It's a dead race.
I don't think you have to tell that to people on HN, but regular people will not be able to use most password managers. Not even 1Password is really user-friendly and it's the most mainstream one.
The included one on macOS is hidden in some setting panel.
For non-technical people the best authentication method is probably their phone (Passkeys, or tokens sent to their email address).
The included one on macOS is hidden in some setting panel.
As long as you stay in the Mac/iOS walled garden, you really don’t need to access the Settings page/app. Safari and most apps will happily pull the user/pwd from the manager for you. I’ve used it for a few years now (after tiring of the mediocre UX of several other managers).
Most (all?) major browsers now have built-in password managers which are intuitive enough for regular people and provide sufficient security against these attacks.
And yet, passwords get guessed, stolen, re-used all the time. If you talk to regular people they still use pet names + a number because they want to be able to type it in everywhere.
It's not a solved problem, even if a rudimentary password manager is in most browsers.
Personally I don't know a single person outside of my tech bubble that uses passwords that you can't keep in your head, or write down on a piece of paper on their desk.
There's a simple trick to having a password that's easy to type, easy to remember, and is pretty darn secure: repetition. Just take your pet's name or whatever, type it several times, and then finish it off with a number or whatever. Should be resistant to typical dictionary and brute force attacks.
And you already identified the main problem with this strategy: "repetition".
As it's not possible to remember n passwords for n sites, if one of them gets hacked "darn secure" isn't so secure any more. The main point of password managers is that you don't have to remember your password and if it leaks out on one site, it doesn't matter as it's only used on that one site.
In this case, unfortunately, at least as it's being described publicly, your detailed information was at risk if someone you are (even distantly) related to failed to use a long, random, unique password.