Does anybody else not use a Password manager? I don't trust them. On the other hand I have a jillion UN & PW running around my head.
Never used one. It's this intrinsic aversion, like storing every dollar in one piggy bank. I store frequent, non-shopping/banking-site passwords in the browsers' managers. Don't do any banking online For all sites, I write it down. That more than anything saved me from the inconvenience of creating a new password. I check the site haveibeenpwned now and then. It's been clean; hope it stays that way.
I don't bank online but I do purchase stuff online at times. There is no way I could remember most of my passwords as they were randomly created by my password managers.
Spoiler: off topic reply to XIII :) It's nice to have your bank within easy walking distance. I also use my offline phone. In some scenarios, why complicate your life?
I don't use a password mgr per se. I have a secure app on my phone that I manually create and store my passwords. If I need to refresh my memory about a password (which I now frequently do as I age) I go there. I can either copy and paste, or manually enter.
I have to make everyone at work use one else they use the same password for everything. And leave sticky notes lying around. Not acceptable.
I use one that stores data on my system and not in cloud. I rarely use it, as I remember password for frequently used services an sites. For those I don't visit often I sometimes have to get password from manager.
I'm not using one just yet. However, the following video explains why they can be trusted. Responses to Your Three Common Password Manager Objections https://www.youtube.com/watch?v=l1U-1rBfLFs
3-4 random words. --------------- The logic behind three random words https://www.ncsc.gov.uk/blog-post/the-logic-behind-three-random-words
I have Sticky Password Manager for all my accounts and software licenses. I use SPM local database only and have Cloud Sync disabled. I keep a copy of the SPM (encrypted) database encrypted with PowerArchiver on an external HDD and in an encrypted email.
I don't trust password managers when it comes to storing my passwords in the cloud. I do use one for storing passwords on my disk and of course it's blocked from making outbound connections. I also do use the password manager in Vivaldi for less important sites, some with and some without 2FA protection. And I block non-trusted apps from getting access to Vivaldi's profile folder, which should block them from getting access to browser passwords.
Watch the video I posted. Your passwords are encrypted before being uploaded to the cloud, and there is no way for anyone other than yourself to decrypt them.
I will watch it, but I think it's more a matter of trust. I'm sure that from a technical point of view, this stuff should be pretty secure. And of course these password managing companies will be ruined by bad press if somehow user accounts will get compromised.
There has to be a line drawn between whether or not the PW manager is used only locally (outbounds blocked if necessary) or used on teh webbernetz across devices and/or dependence on the remote service as an archive/backup. I don't trust the latter. Limited to my desktop PC, my manager database, holding about 60 account login data, spanning 20 years, is also a storehouse for other related data, e.g. the entry for my AT&T online account (with a 32 character PW) also stores my account number, the device's model and serial numbers, SIM card, IMEI, etc. numbers, where and when purchased and the path to the receipt in Documents. The manager's "Notes" field is quite handy. Accounts for banking, credit cards, home, auto and health insurance among others have heavily populated notes fields as well, especially the answers to those like "name of the first person who dumped you in high school" challenges. The only password I need to remember is the manager's 24 character one which depends more on rote muscle memory at the keyboard than my brain. I was never wild about going all in online until services began offering discounts for going paperless. Off the top of my head, I'm saving about $200 a year. I figured why not throw everything else in there? There can be more to a password manager than passwords. I routinely export the database to an HTML file, that and the database file stored on a USB stick and printed out, both stored in a fireproof safe. The data file itself is included in my daily backups to my NAS. I have no online accounts for bureaucracies, with taxes and fees being paid with checks, my thirty year old account being kept alive just for that, knowing how much it annoys 'em. I do use Firefox Lockwise for unimportant accounts, like forums and news sites. That said, once HTTP/3 with it's QUIC-protocol (ChaCha20 and Poly1305 stream ciphers) goes mainstream, I might change my mind about online password managers.
I'd like to say yes, BUT... I definitely use one. While my memory is still fairly good, there is no way I could remember all of my 209 unique passwords, most of them created by the password manager. I live 8135.38 miles as the Google crow files from my nearest bank I do not have a lot of options regarding on-line banking. Not only that a lot of things are becoming on line required.
The only password manager I use, is myself. For me the most safe and simple option is to store the passwords (and pin codes) outside my devices.
There is probably no-one here that could remember multiple PM created passwords. But, you would have a much better chance of remembering them, if you created the passwords yourself..."Krusty...member...124773"
Yup same here. Matter of fact, I have been using one myself for years personally. We just purchased 1Password at my job, so it is on my list of things to roll out to end users before the end of the year.
You may read one expert's view on why he uses browser-based password managers. https://lock.cmpxchg8b.com/passmgrs.html Courtesy of @plat1098
Wow no way really? I guess people can change. There were a few things I did not care for about Bitwarden for the employees. 1Password won out in the end. I still have not even started on deployment yet.
