You using a password manager does not solve that this org stores your password in plain text and will email it to whatever’s on file when ANYONE clicks the forgot password button.
I hate passkeys, but I understand that without a password manager, they’re probably the best option. And for some god forsaken reason, like you said, most people just don’t use a password manager. I can’t even get my wife to use one, and I’ve shown her how easy it is.
(I do indeed use a password manager especially for online services, but for some things [like the PM itself] you can’t rely on it and need to remember a few, and a scheme helps for that. I also bet $10 you can’t guess one of my schemed passwords. To be fair, the way I do it it’d still be really hard to figure out the others even if you knew the system, which I will not reveal. I’d be impressed if you even guessed the system.)
I could upgrade it though, still. New system: book cypher.
To wrap it all together, password managers do have inherent flaws, but it’s better than all alternatives for passwords so far. The real argument is that passwords in general are a shitty authentication scheme.
Using a password management scheme of some kind does not optional. You cannot trust them with what’s effectively a master password.
A password manager does not solve this problem.
Oh it absolutely helps. Because if you’re using a password manager then every account you have should have a different password.
Most people who don’t use them just use the same password or a variation thereof for everything, making a leak much more devastating.
You using a password manager does not solve that this org stores your password in plain text and will email it to whatever’s on file when ANYONE clicks the forgot password button.
No, but it does severely limit the damage is what I’m saying.
I hate passkeys, but I understand that without a password manager, they’re probably the best option. And for some god forsaken reason, like you said, most people just don’t use a password manager. I can’t even get my wife to use one, and I’ve shown her how easy it is.
My password manager also holds my passkeys, so I really don’t mind them.
Using a password manager is not optional. Schemes are to easy to figure out and/or brute force.
Figure out mine then, right now.
(I do indeed use a password manager especially for online services, but for some things [like the PM itself] you can’t rely on it and need to remember a few, and a scheme helps for that. I also bet $10 you can’t guess one of my schemed passwords. To be fair, the way I do it it’d still be really hard to figure out the others even if you knew the system, which I will not reveal. I’d be impressed if you even guessed the system.)
I could upgrade it though, still. New system: book cypher.
To wrap it all together, password managers do have inherent flaws, but it’s better than all alternatives for passwords so far. The real argument is that passwords in general are a shitty authentication scheme.