The Last Password

Scott Hardie | September 24, 2019
I don't use a password manager, but I've been tempted to get one because I keep seeing articles like this touting their benefits. If any of you use one, I'd appreciate some help figuring out one aspect that I don't understand.

I keep hearing that it's unsafe to use the same password on multiple websites. If hackers steal your data from one website, they can log into other websites as you. That makes sense.

A password manager lets you generate an infinite number of different passwords without having to remember them. But fundamentally, you're still using just one master password for the manager.

So if hackers steal your master password, isn't that just as bad as them stealing your password from a website? How is that more secure?

It's less likely to happen, because the password manager services presumably take their security more seriously than some random website. But if it does happen, you're still screwed, right?

In fact, you're even more screwed, because the password manager remembers the sites for which it's storing passwords. If a hacker steals my Google password, s/he doesn't know that I also have an Amazon account with the same password; s/he would have to go around the web trying different services and hope to find some of my logins. But once a hacker gets into my password manager account, there's a list of literally every website I access and the password to each one. Isn't that worse?

Am I wrong here? There could be something I'm not understanding.

Erik Bates | September 24, 2019
[hidden by request]

Scott Hardie | December 9, 2019
I neglected to get back to you on this, Erik, but those are good points. I don't know if it helps, but one of the advantages of owning my own domain is that every address @ my domain all routes to my real inbox elsewhere. So I can register a different email address with every service that I sign up with, AND there's no obvious login point to check the messages. I'll sign up with LastPass. Thanks for the insight. :-)