by nosideeffects
4048 days ago
That is a sweeping generalization about security habits of non-users of LastPass. My point is that the security-consciousness does not necessarily go hand in hand with using a password management system. If someone gets into your single point of truth, they not only have all your passwords, they know about all your other accounts after - needing only to break into just one of them.
Odds are, people compromise on many or all of those things (even smart or meticulous ones). What you sacrifice with a password manager is a single point of failure. Although that's a bit dire; generally (and arduously) you could reset those passwords one-by-one if you lost your master password and/or database.
What I like, though, is that the exposure of your master password is controlled by you and limited between your keyboard and the application (and the various few things in between: the OS, perhaps RAM, etc.). This is usually a lot more narrow than the path your passwords usually take (your browser, HTTP, their server). Because it's a single password (and I'm not limited to a site's stupid max character or other constraints), I can make it as obnoxiously long as I'd like--and I don't have to try 3 or 4 obnoxiously long passwords because I can't remember if I typed the wrong one or if I typoed the right one until I get locked out of that website.
Like I alluded to earlier, I also like knowing how long ago I changed my password, what it used to be (in case my db is updated and I didn't quite change my password like I thought I did), unsecure or duplicate passwords (as I migrate them over), or if there has been a database compromise on their end and I should update my password. I'm kind of surprised nobody has released features to automatically change passwords on specific sites.