Sharing a short post I posted a year ago with some thoughts on password managers.

## The password-management promise

> I don't buy the promise behind 1Password or LastPass.
> You only need to remember one password.
> The last password you'd need to remember.
> They don't tell you that you're also building a one-stop shop for hackers to steal it all at once.
> The solution?
> Store hints, not passwords.
> Don't reuse passwords. Use algorithmic passwords instead.
> Use passkeys and security keys.

https://sketch.nono.ma/the-password-management-promise

---

I've always preferred 1Password and Bitwarden to LastPass. I still prefer to encrypt sensitive data and "secure notes" with custom workflows (GPG keys, for instance) instead of relying on third parties, and even more so when the data would be stored in the cloud, in a centralized location. I can't imagine the nightmare of having all your secrets exposed, not just for the risk of it but for having to reset all your exposed accounts. (+1 to GPG encryption.)
So even if they know my 1Password username and password they still can't really do anything with it. And if they steal my device, they would need to know my login password. Or cut off a finger, I guess, but I've got bigger issues if that happens.
They don't all work this way, but 1Password seems to be by far the best and most secure option, and IMO the convenience of an online password vault simply outweighs the tiny risk with a proper vault like 1Password.
No idea why anyone has stayed with LastPass after the fiasco a couple years ago though.