by pb2au 4259 days ago
I disagree.

When you use a password manager and separate passwords for each website, you're effectively eliminating an entire class of potential attacks, because any leaks from the website will not affect your accounts elsewhere (especially bad for accounts with privileges such as your email or bank accounts).

In exchange, you use a password or key to locally decrypt the rest of your passwords. This means for someone to have access to your password store they have to (1) find a vulnerability in the password manager store file or (2) obtain access to your machine. Comparing these, (1) is much less likely than getting a password list from a server with more attack surfaces, and (2) would also leak your passwords even without a password manager.

It may seem strange to think of all your passwords as being protected by a single password, but the key concept is that you aren't sending that password across the wire, but do regularly send the others. If your local machine is insecure, it doesn't really matter whether or not you are using a password manager.

Obviously, it would be even more secure to have different passwords for each website and be able to remember all of them, but it's not a very reliable method of storage and puts too large a burden on the user.
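The model the comment describes, as an added example that is not part of the original thread: a vault of per-site random passwords, sealed under a key stretched from a master password that is only ever used locally, compared against one memorised password reused across sites. The cipher here is an illustrative encrypt-then-MAC built from HMAC-SHA256 so the file runs with the Python standard library alone; a real password manager would use a proper AEAD (AES-GCM, XChaCha20-Poly1305) and a memory-hard KDF. Site names, passwords and the master passphrase are constructed sample values.

```python
"""Toy password-vault model: per-site random secrets, one locally held master key.

Added example, not code from the original thread. The cipher is an illustrative
encrypt-then-MAC built from HMAC-SHA256 so the file runs with only the standard
library; a real manager would use an AEAD such as AES-GCM or XChaCha20-Poly1305.
"""
import hashlib
import hmac
import os
import secrets


def derive_vault_key(master_password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Stretch the master password into a 32-byte key. This only ever runs locally."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations, dklen=32)


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for confidentiality and integrity, both derived from the vault key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC; illustrative, not a production cipher.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong master key or a tampered file fails here."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("vault integrity check failed (wrong master password or tampered file)")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


class Vault:
    """Each site gets its own random password; only sealed entries are kept on disk."""

    def __init__(self, master_password: str):
        self.salt = os.urandom(16)           # stored next to the vault file, not secret
        self._key = derive_vault_key(master_password, self.salt)
        self.entries: dict[str, bytes] = {}  # site -> sealed blob: all a copied vault file reveals

    def add_site(self, site: str) -> str:
        password = secrets.token_urlsafe(24)  # unique per site, never reused
        self.entries[site] = seal(self._key, password.encode())
        return password

    def get(self, site: str, master_password: str) -> str:
        key = derive_vault_key(master_password, self.salt)
        return unseal(key, self.entries[site]).decode()


def blast_radius(site_passwords: dict[str, str], breached_site: str) -> list[str]:
    """Other sites whose login the password leaked from `breached_site` also opens."""
    leaked = site_passwords[breached_site]
    return sorted(s for s, p in site_passwords.items() if s != breached_site and p == leaked)


def compare_strategies() -> tuple[list[str], list[str]]:
    """Blast radius of one site leak: (reused password, vault-generated passwords)."""
    sites = ["mail.example", "bank.example", "forum.example"]   # constructed sample sites
    # Strategy A: one memorised password reused everywhere (constructed value).
    reused = {s: "CorrectHorse!2013" for s in sites}
    # Strategy B: vault-generated password per site; the master passphrase stays local.
    master = "a long master passphrase kept only in my head"
    vault = Vault(master)
    unique = {s: vault.add_site(s) for s in sites}
    # The vault reopens with the right master passphrase and refuses a wrong one.
    assert vault.get("bank.example", master) == unique["bank.example"]
    try:
        vault.get("bank.example", "wrong guess")
        raise AssertionError("wrong master password must not open the vault")
    except ValueError:
        pass
    return blast_radius(reused, "forum.example"), blast_radius(unique, "forum.example")


if __name__ == "__main__":
    print(compare_strategies())  # (['bank.example', 'mail.example'], [])
```

With the reused password, a leak at the forum also opens mail and bank; with the vault, the leaked forum password opens nothing else, and the only secret worth stealing is the master passphrase, which is never sent anywhere.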

1 comment

Then let's agree to disagree. But points 1 and 2 that you describe are both more likely (to specifically compromise/capture your vault unlock).

Then somebody managing to capture all my login details in different websites with a per-website login in a particular time frame, they would need a year to capture all logins as I don't use all sites daily, weekly, or even monthly.

One can discuss it short, one can discuss it long :) but you remain to put all your (generated) eggs in a single basket. A basket (computing security does not exist, it only delays things) that cannot be more secure than your mind.