by louwhopley 878 days ago
What are your thoughts on keeping a separate Gmail password (one that's not stored in the password manager), vs keeping it inside the password manager?

Assuming the Gmail account is the core email behind the majority of services, so breaching that account would allow a password reset on most other services.

1 comment

You probably want 2FA as a means of separation instead. Not storing it in your password manager makes it more likely to be a weaker password, since you have to manually type it in. However, keeping your TOTP codes separate from your password manager, or better yet using a YubiKey that can't be phished, means you get a long complex password that can autofill, but also means your Gmail can't be breached by just your password manager secrets leaking alone. Also, aside from the idiocy and amateurism of LastPass, password manager breaches/leaks are rare, as long as it's well designed and you have a strong master password.
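The separation the comment above describes, as an added example that is not part of the HN thread: a toy login check in Python that requires both a password and an RFC 6238 TOTP code, then simulates a leaked password-manager vault with and without the TOTP secret in it. The user record, salt, password and the `attacker_with_vault` helper are constructed for illustration; the TOTP secret is the RFC 4226/6238 test-vector key, so the codes can be checked against the published vectors.

```python
"""Added example (not from the HN thread): why keeping the second factor
outside the password manager limits the blast radius of a vault leak.
TOTP is implemented from RFC 4226/6238 with the standard library only."""
import base64
import hashlib
import hmac
import struct
import time
from typing import Dict, Optional


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer reduced mod 10^digits."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at: Optional[int] = None, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    t = int(time.time()) if at is None else at
    return hotp(secret_b32, t // step)


# Constructed server-side state for one user. In a real service the password
# hash lives in the service database and the TOTP secret is only ever entered
# into the user's authenticator (or replaced by a FIDO2 key such as a YubiKey).
_SALT = b"constructed-salt-not-for-real-use"
SAMPLE_PASSWORD = "correct horse battery staple (constructed)"
# RFC 4226/6238 test-vector key, base32 of the ASCII string "12345678901234567890".
TOTP_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def _hash_password(pw: str) -> bytes:
    # PBKDF2-SHA256 stands in for whatever the service actually uses.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), _SALT, 200_000)


USER_DB: Dict[str, Dict[str, object]] = {
    "alice": {"pw_hash": _hash_password(SAMPLE_PASSWORD), "totp_secret": TOTP_SECRET},
}


def login(user: str, password: str, code: str, now: int,
          step: int = 30, window: int = 1) -> bool:
    """Both factors must verify; comparisons are constant-time. `window`
    accepts codes from adjacent time steps to tolerate clock drift."""
    rec = USER_DB.get(user)
    if rec is None:
        return False
    if not hmac.compare_digest(_hash_password(password), rec["pw_hash"]):
        return False
    counter = now // step
    return any(
        hmac.compare_digest(hotp(rec["totp_secret"], counter + d), code)
        for d in range(-window, window + 1)
    )


def attacker_with_vault(vault: Dict[str, str], now: int) -> bool:
    """Simulate someone who obtained the contents of a leaked vault.
    With the TOTP secret in the vault they can mint a valid code; without
    it, the best they can do is guess (modelled here as a fixed wrong code)."""
    code = totp(vault["totp_secret"], now) if "totp_secret" in vault else "000000"
    return login("alice", vault["password"], code, now)


if __name__ == "__main__":
    now = 59  # RFC 6238 test time; counter 1 -> code 287082
    print("password only, secret kept separate:",
          attacker_with_vault({"password": SAMPLE_PASSWORD}, now))
    print("password and TOTP secret both in vault:",
          attacker_with_vault({"password": SAMPLE_PASSWORD,
                               "totp_secret": TOTP_SECRET}, now))
```

Run as a script it prints `False` for the vault that holds only the password and `True` for the vault that also holds the TOTP secret, which is the whole argument for storing the second factor somewhere the password manager is not. A hardware key goes one step further: its private key never leaves the device, so there is nothing to copy into any vault at all.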
I have both. But it isn't weaker. To be clear, my Gmail password and my password manager password are both 40-60 characters long.

I also have TOTP and a YubiKey and a Passkey etc. etc.

I was more protecting myself against a situation where my password manager was unavailable AND I needed access to my email urgently. Which has happened at least twice to me in the past.

Though, to be fair, once was LastPass about 15 years ago when they reset everyone's password because of suspicious logs, in an abundance of caution. That's right, there was a time they were a "good" organisation.