• Viking_Hippie@lemmy.world
    link
    fedilink
    arrow-up
    2
    arrow-down
    2
    ·
    edit-2
    3 months ago

    The main advantage of a password manager is that you can have a different password for each account. Which means in case of a leak you won’t be in risk of losing other accounts

    Except it’s the opposite: if someone gets the master password for your password manager, that’s all of them.

    And I don’t think I want to remember 300 pass phrases with different words.

    That’s another advantage of the pass phrase over the easily remembered password: repeating an uncrackable passphrase doesn’t pose the risk that repeating a guessable password.

    You can use RentMauriceHouseHurryNow for all your accounts and they’ll all be safer than a billion different strings protected by a single guessable master password.

    Especially if you’re not in the tiny minority of people who actually knows a Maurice who isn’t called The Space Cowboy by some people.

    • Johanno@feddit.org
      link
      fedilink
      arrow-up
      5
      ·
      3 months ago

      Using the same password (no matter how secure it is) for all accounts is a bad idea.

      Assuming you have at least 20 accounts with sensible data, and you don’t even remember that 5 of them exist.

      Now shittywebsite.xy gets hacked and all data is unencrypted and unhashed.

      So now [email protected] with yourSecu4ePassPhrase is leaked.

      You now quickly try to change the password on 15 accounts with the same email and password. But you forgot the 5 accounts you made years ago. Now after some time hackers login into the the old accounts and get your credit card info or whatever.

      Great idea!

      Yes my password manager is a single point of failure, but it is one I personally control and have the view over.

      • Viking_Hippie@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        3 months ago

        Good point.

        A series of pass phrases that you can remember yourself is still better than relying on a password manager that can ALSO expose all of your passwords, none of which you remember.