[abdullahkhalids]

I bet that Google+Apple+Microsoft could have gotten 95% of the world on password managers by building excellent password managers into the OS, and demanding that one can only login into their websites with passwords that have at least 100 bits of entropy.

And it could have been done 10 years ago.

[skybrian]

I don't think a password manager would get much adoption if it refused to save the passwords you already have?

Google's password manager does nag you about bad passwords, but it's easy to ignore.

Looks like it's been around ten years since it was introduced. It doesn't seem like enough.

[abdullahkhalids]

Microsoft and Google forced organizations that were using their services to upgrade to 2FA over a few years. For a short bit it was optional, after that it's basically not possible to use these services without 2FA. Now even many grandmas are familiar with the idea that sometimes you have to copy a code from your sms to a website when logging into your bank account.

They could have done the same thing with passwords. They have 100s of millions of organizational users, who will do whatever corporate IT tells them to do. Microsoft can say, there is a password manager available on Windows. From now on, organizational users must use 100 entropy bit passwords. IT tells users - users must store passwords in the password manager and use the browser extension.

After three years of users resisting, everyone will give in. Same for university students, who will need it. After that the rest will adopt easily because it is the default thing to do.