Serious Discussion Browser vs. Third-Party Password Manager: Which Is Best For You?

[Parkinsond]

making it inconvenient to constantly think of a new strong password for each account

Norton Password Generator - Generate Strong Passwords

Generate strong and secure passwords. Try our free random password generator today at Norton.com.

us.norton.com

 

[Wrecker4923]

relying on a service that generates strong passwords would be more convenient.

Once you have many accounts, URL matching (helping with phishing resistance) for autofilling and filtering may help as well. I swear some people on the Bitwarden forums have claimed they have 1,000+ account credentials.

Of course, a password book for recording strong generated passwords would be another method of keeping your passwords. There would be no wholesale infostealer theft. Not much estate planning is required, but there are also problems with backups for some people.

when a user has a larger number of accounts,

I started with using the same passwords everywhere, then continued with patterned passwords until I began having problems keeping track (not even that many accounts) when I started using a password manager (I never liked using a spreadsheet to keep track; too many chances to ruin multiple records at once). Once my passwords started leaking, I became too paranoid to even use the patterned passwords, resulting in using a password manager becoming completely entrenched. Once I needed access on multiple devices, Bitwarden became the go-to (since it's free).

 

[piquiteco]

Nowadays, you are statistically far more likely to face a phishing scam than a full-blown info stealer infection. Browser managers are superior for this specific threat because they bind your passwords to the URL. If the site is fake, the browser won't autofill. I’d rather have that protection against the most common daily threat than worry about a 'what-if' scenario where my PC is already infected.

I think this is unlikely, at least for me, since I use Kaspersky's denial mode by default, in addition to KeyScrambler Premium and Spyshelter, which have protection against keyloggers and anti-screen capture. PS. I have done several tests with various samples of malware and info-stealers, all of which captured only black screens and what I typed on my keyboard, only numbers. So far, nothing has gotten through, so I am safe using this method on my laptop.

Spoiler: Kaspersky

 

[ForgottenSeer 123960]

I think this is unlikely, at least for me, since I use Kaspersky's denial mode by default, in addition to KeyScrambler Premium and Spyshelter, which have protection against keyloggers and anti-screen capture. PS. I have done several tests with various samples of malware and info-stealers, all of which captured only black screens and what I typed on my keyboard, only numbers. So far, nothing has gotten through, so I am safe using this method on my laptop.

Spoiler: Kaspersky

View attachment 295678

Your software stack is completely irrelevant to my point. Phishing does not require executing malicious code on the local machine; it requires tricking the user.

 

[piquiteco]

Your software stack is completely irrelevant to my point. Phishing does not require executing malicious code on the local machine; it requires tricking the user.

Better yet, I receive emails every day with phishing URLs, which I forward to Phishtank, Netcraft, as well as Safebrowsing, McAfee, and Kaspersky. To date, I have never found a malicious or phishing URL that was convincing enough to fool me.