Nearly half of observed login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks and account takeovers on a massive scale.
Someone breaking into your password manager is a lot less likely than someone breaking into one of the dozens or even hundreds of services you probably reuse passwords on.
Exactly. Without a password manager, every single service you have reuses your password on is a security risk, because any one of them will compromise the rest. And it has repeatedly been demonstrated that even large software companies don’t follow best practices regarding passwords. So any one of them being compromised is a risk. With a password manager, as long as it is properly encrypted and secured with a strong master password, the only point of attack will be your master password.
It’s less about keeping all your eggs in one basket, and more about reducing attack vectors that hackers have access to. With reused passwords, every single individual service is a potential vector of attack.
Several of the larger password managers have started requiring MFA on new accounts. Bitwarden, for example, now requires at least an email verification. They encourage you to use other MFA methods instead, like an Authenticator app. But they at least have the email as a last-ditch “fucking fine, you really don’t want to install an Authenticator app? Here, we’re forcing you to use this as the bare minimum” backup.
Exactly. Without a password manager, every single service you have reuses your password on is a security risk, because any one of them will compromise the rest. And it has repeatedly been demonstrated that even large software companies don’t follow best practices regarding passwords. So any one of them being compromised is a risk. With a password manager, as long as it is properly encrypted and secured with a strong master password, the only point of attack will be your master password.
It’s less about keeping all your eggs in one basket, and more about reducing attack vectors that hackers have access to. With reused passwords, every single individual service is a potential vector of attack.
And do yourself a favor and get MFA on that password manager. That dramatically increases the skill level needed to hack your master pass.
Several of the larger password managers have started requiring MFA on new accounts. Bitwarden, for example, now requires at least an email verification. They encourage you to use other MFA methods instead, like an Authenticator app. But they at least have the email as a last-ditch “fucking fine, you really don’t want to install an Authenticator app? Here, we’re forcing you to use this as the bare minimum” backup.
And that’s how it should be. In fact, I switched banks to the only one I could find that had MFA, because I value security as an option.