Encryption can be decrypted. A password manager encrypting your passwords is like saying your car has working brakes. It’s totally unsafe to even consider operating without but it doesn’t say much when it is there.
It’s not a matter of “why should I trust them” but “why should I trust them more than the system that already exists”. I get the appeal, but the hole is big.
If I forget a password I reset it. If I forget my manager’s password can it be reset? Is the reset option, if extent, susceptible to attack?
If an account gets compromised it could have moderate repercussions, but probably minimal depending on the account, with maybe a couple exceptions. If managed passwords get compromised that’s potentially everything. There has not, and likely never will be, an impenetrable system, so it is a possibility if not a concern.
Heres a novel I wrote since some may see this as a reason not to use password managers. There are several steps to mitigate all of these concerns. For instance, using a hardware security key for cloud based managers in order to basically stop the biggest threat to you which is phishing. For forgetting your master password, the solution is an emergency sheet, have at least one backup offsite. Arguably the best thing you can do to keep yourself safe is having multiple backups of your vault, just follow the 3,2,1 rule like how you should be doing to begin with. Its true that theres no absolutes in this world but “cracking” the encryption and bypassing any other security obstacles put in place by an actual reputable manager or yourself should be the very least of your concerns. Companies recognize that people dont practice good security thats why 2fa is pushed on to them but that shouldnt be a replacement for good security practices especially if the 2fa is weak to begin with. Thank god we will be using passkeys soon tho. Also to answer the question the password managers I used dont allow the vaults password to be reset as a security measure but do allow the vault to be deleted so keep your email at the very least protected as much as you can, as you should be doing already, since if that gets overtaken youre shit out of luck with all the accounts tied to that email which brings up the topic of email masking/alias but thats a different burrito altogether.
Encryption can be decrypted. A password manager encrypting your passwords is like saying your car has working brakes. It’s totally unsafe to even consider operating without but it doesn’t say much when it is there.
It’s not a matter of “why should I trust them” but “why should I trust them more than the system that already exists”. I get the appeal, but the hole is big.
If I forget a password I reset it. If I forget my manager’s password can it be reset? Is the reset option, if extent, susceptible to attack?
If an account gets compromised it could have moderate repercussions, but probably minimal depending on the account, with maybe a couple exceptions. If managed passwords get compromised that’s potentially everything. There has not, and likely never will be, an impenetrable system, so it is a possibility if not a concern.
Heres a novel I wrote since some may see this as a reason not to use password managers. There are several steps to mitigate all of these concerns. For instance, using a hardware security key for cloud based managers in order to basically stop the biggest threat to you which is phishing. For forgetting your master password, the solution is an emergency sheet, have at least one backup offsite. Arguably the best thing you can do to keep yourself safe is having multiple backups of your vault, just follow the 3,2,1 rule like how you should be doing to begin with. Its true that theres no absolutes in this world but “cracking” the encryption and bypassing any other security obstacles put in place by an actual reputable manager or yourself should be the very least of your concerns. Companies recognize that people dont practice good security thats why 2fa is pushed on to them but that shouldnt be a replacement for good security practices especially if the 2fa is weak to begin with. Thank god we will be using passkeys soon tho. Also to answer the question the password managers I used dont allow the vaults password to be reset as a security measure but do allow the vault to be deleted so keep your email at the very least protected as much as you can, as you should be doing already, since if that gets overtaken youre shit out of luck with all the accounts tied to that email which brings up the topic of email masking/alias but thats a different burrito altogether.