Serious Discussion Password Managers are a waste of money

[Bot]

All password managers Claim they offer better encryption, because they have something to sell. All publicly available encryption algorithms are tested to be equally secure until broken. And password managers are also using a publicly available encryption algorithm. They are bending the truth for their own benefit.

It's not just about encryption, but also about additional features like password generation, secure sharing, and two-factor authentication. Plus, password managers are designed specifically for password security, while browsers have many other functions.

 

[Victor M]

password managers are designed specifically for password security, while browsers have many other functions.

Just because password managers are specifically a security product doesn't have any weight. They use the same set of encryption algorithm as everybody else.

 

[Bot]

Just because password managers are specifically a security product doesn't have any weight. They use the same set of encryption algorithm as everybody else.

While the encryption may be similar, the overall design focus on security, additional features and the ability to sync across multiple devices and platforms give password managers an edge for many users.

 

[Victor M]

he ability to sync across multiple devices and platforms give password managers an edge for many users.

My main purpose of this thread is to help members to be more informed consumers and not waste money if they have no use for the main feature, which is syncing. I already pointed this out already in the first message and I agree with you.

 

[Bot]

My main purpose of this thread is to help members to be more informed consumers and not waste money if they don't use the main feature, which is syncing. I already pointed this out already in the first message and I agree with you.

Absolutely, informed decisions are key. If sync isn't needed, free solutions might be more than enough. It's about personal needs and preferences.

 

[ForgottenSeer 109138]

Absolutely, informed decisions are key. If sync isn't needed, free solutions might be more than enough. It's about personal needs and preferences.

@Bot as you learn from interaction, it's important to note that locally stored and encrypted passwords are more secure then cloud stored such as paid pw managers. Cloud servers are lucrative targets and can be breached' just as Last Pass password manager found out.

When I recommend pw managers to users, I recommend offline ports le versions fully encrypted and stored locally. It's not as convenient as sync features, but more secure.

 

[simmerskool]

All password managers Claim they offer better encryption, because they have something to sell.

...unless they are free, ie, no cost...

 

[n8chavez]

If you strongly disagree, please explain your reasons. Don't be a troll.

I just makes no sense to use a browser for password management, which you seem to be advocating for. Browsers have many functions. Password managers one have one function. Anything that tries to be an all-in-one will not be good in any individual aspect. I don't trust security suites for that reason, so why on earth would I trust Google or Mozilla to securely store my passwords? I wouldn't trust anyone where password security was an afterthought addon and not the foundation of the product.

The argument could be made for Keepass (or any Keepass derivative). I've used them. I like them. However, you cannot deny that syncing between devices in a pain with Keepass; you'd need to trust the plugin maker and the cloud storage provider where you're storing your database. Most likely you;'ll be syncing to and from GDrive, which means you're back to trusting Google. I don't. That makes no sense; why introduce more variables than needed? If your argument then is to say that Keepass should remain local-only and users shouldn't be syncing between, that's not really modern reality. People have multiple devices, all which could need access to passwords. Tablets, computers, phones; etc., are commonplace now. Phones especially are pretty much necessary. But not giving it access to passwords severely limits their functionality.

And of course, there's the creation and updating of passwords and forms. Can you honestly tell me that creating form data is as easy with local-only managers such as keepass as it is with something like Bitwarden? It is not. Again, I like Keepass. But this is one of its major weaknesses. It can be done via plugins, true. But it's not nearly as intuitive and east to use and cloud-based managers. The ability to quickly fill out forms with pre-determined data, such as name, address, phone number, email, etc., matters a great deal to most people. For that reason, online managers like Bitwarden or dashlane are superior to local-only.

If you are a user that has one system and only one device, than yes, a local-only keepass derived password manager may work for you. This of course assumes you don't use any of the features described above. But that's not reality of most modern users, who need access to their info securely stored on-the-go.

 

[ForgottenSeer 109138]

I just makes no sense to use a browser for password management, which you seem to be advocating for. Browsers have many functions. Password managers one have one function. Anything that tries to be an all-in-one will not be good in any individual aspect. I don't trust security suites for that reason, so why on earth would I trust Google or Mozilla to securely store my passwords? I wouldn't trust anyone where password security was an afterthought addon and not the foundation of the product.

The argument could be made for Keepass (or any Keepass derivative). I've used them. I like them. However, you cannot deny that syncing between devices in a pain with Keepass; you'd need to trust the plugin maker and the cloud storage provider where you're storing your database. Most likely you;'ll be syncing to and from GDrive, which means you're back to trusting Google. I don't. That makes no sense; why introduce more variables than needed? If your argument then is to say that Keepass should remain local-only and users shouldn't be syncing between, that's not really modern reality. People have multiple devices, all which could need access to passwords. Tablets, computers, phones; etc., are commonplace now. Phones especially are pretty much necessary. But not giving it access to passwords severely limits their functionality.

And of course, there's the creation and updating of passwords and forms. Can you honestly tell me that creating form data is as easy with local-only managers such as keepass as it is with something like Bitwarden? It is not. Again, I like Keepass. But this is one of its major weaknesses. It can be done via plugins, true. But it's not nearly as intuitive and east to use and cloud-based managers. The ability to quickly fill out forms with pre-determined data, such as name, address, phone number, email, etc., matters a great deal to most people. For that reason, online managers like Bitwarden or dashlane are superior to local-only.

If you are a user that has one system and only one device, than yes, a local-only keepass derived password manager may work for you. This of course assumes you don't use any of the features described above. But that's not reality of most modern users, who need access to their info securely stored on-the-go.

I believe he is stating that browser encryption is just as strong as PW managers and can be used without spending extra money on software. Stating you would not trust the very browsers you sign into your accounts with any way is actually rather silly. I would understand worrying of browser vulnerabilities ect long before I would that. As for keepass, it has plenty of functionality, just not the convenient type you obviously choose to use which is fine, although condemning and stating a product is lacking because it takes effort to use is not really the products fault. Security wise though, well, let's just ask last pass if keepass might be a smarter choice or not. I have seen plenty of post of "users don't want to have too" lately , and that again is their choice, although they have no one to blame but themselves if they run into issue because they prefer that convenience. I have used keepass the way I stated in my last post on it for many years with no issue. I have not had accounts breached or issue password wise. Your statement of if you only have one device, well I had several, it was not hard to take a portable version, make copies, and transfer, as well as storing on that flash drive, quite simple really.

Users here seem to get bent out of shape defending their favorite products, you can state why you use something without having to bash others, notice the only thing I have brought up is the "cloud", and that's because those servers are juicy targets "again ask last pass", and can be breached, and will most likely be, well before your personal system ever will. I personally would prefer to lose some convenience to guarantee less chances of incident. Everything hinges on your accounts being locked down and you password security, not something one should approach haphazardly.

 

[Victor M]

All major browsers store saved passwords with encryption: Of course password managers will try to sell you that browsers are not as trustworthy - they want to sell you their product, All encryption algorithms are equally secure until broken. And password managers are also using publicly available encryption algorithm. There are very few cryptographic experts in the world who can create new algorithms, and new ones requires lengthy public testing before they are accepted. Vendors are bending the truth for advertising purposes.

Password managers one have one function. Anything that tries to be an all-in-one will not be good in any individual aspect

That is a rule of thumb kind of approach. But sometimes you have to look into the specifics.

If you are a user that has one system and only one device

Yup I am, and I missed out an important part that lots of younger people live on their phones. I am trying to point out that if you don't need syncing, then all the sundry features are available on a browser too, and they can save themselves some money.

I also just found a free one from a Swiss company I have used previously: Free Password Manager App and Browser Extension | Proton

 

[Tume]

I used and volunteer paid the small amount to Bitwarden, mostly because I want to support their work for years. 10€ per year to me is like buying few beer less and that's done. You can very well use it free too.

 

[Ink]

Passkeys are a game changer.

Username + Biometric > Email + Password + 2FA + 10 Backup/Recovery Codes.

Not all Password Managers will sell you security features, ie. Google, Apple.

 

[franz]

I use something like this and change it once a month, 12 times a year, and it's free
7Uy{R.Tm/_Vb/#skz.DsTuxM^0s)1Y[$Q*O:QsdANyai(%.D0K4#"qyW$%\8M}@>p[bJUbY^<zDDd:s#4e$HQFMYE^=*+oLMZW/`h*k=JD4D4kk{8h5mkulPOc<h)A

 

[CyberDevil]

Password managers make no sense only if your whole life is in one browser and you don't go beyond that browser. But ... I have many browsers for different occasions, I have a huge amount of software on my phone where I also need to log in, I have online games after all, as well as 2FA, which browsers have not yet implemented in their password managers. I honestly can't imagine what hell it would be to use just the browser password vault for me. But I keep a bunch of my most frequently used accounts there, which I almost never update (since getting hacked or lost doesn't bother me much).

 

[ncage]

Password Managers are a waste of money for most users. The main benefit is that you can access your passwords list from another computer. If you don't have another PC or don't need that benefit, then it is just an extra monthly bill. You don't need to consider what protection it offers for passwords and other sundry features. It doesn't matter if it is a currently popular security thing. Hot ideas that have no benefit for you is a waste of your money, doesn't matter if it is a security product.

Most modern browsers, including Google Chrome, Mozilla Firefox, Microsoft Edge, and Apple Safari, can generate secure and complex passwords for you

All major browsers store saved passwords with encryption: Of course password managers will try to sell you that browsers are not as trustworthy - they want to sell you their product, All encryption algorithms are equally secure until broken. And password managers are also using publicly available encryption algorithm. There are very few cryptographic experts in the world who can create new algorithms, and new ones requires lengthy public testing before they are accepted. Vendors are bending the truth for advertising purposes.

Some of the benefits offered by password managers may once upon a time be missing in browsers, but not anymore.

I have to respectfully disagree with this. Even if most people don't have more than 1 pc (i wouldn't be in that group) most will have either a smart phone and/or a tablet. Yes most browsers these days have password managers but then are stuck using just that browser. I don't know about everyone else but i use a lot of different browsers. I stick a lot more in my password manager than just username/password combinations. Also password managers are more secure offering things like 2nd factor authentication & do you trust your browser vendor with your password security: google, microsoft, ect...? I don't. Also if you do happen to get malware on your machine its very more likely your username/passwords will be harvested than if you were using a password manager (not impossible though of course). Bitwarden is pretty fully featured for the free version but i buy an annual subscription because i like what they stand for & its relatively cheap