Its more than just inputting passwords manually.
With security guidance suggesting that we use unique, complex passwords for every site that we have an account on, it isn't practical to memorize every password that we use. It isn't safe to use the same password everywhere (which is what many people do). Password managers can create completely randomized passwords that you don't need to remember because they handle the storage of it. For example, the upcoming Jagex Account system FAQ says it allows for passwords of up to 64 characters in length and now allows uppercase letters and symbols previously not supported - you could create a very strong randomized password of that length, but it may be tricky to remember.
In theory, if a password manager is used correctly, our accounts across the internet will be more secure. But of course, the database which stores the password needs to be kept secure too. That's where the current problem is - Lastpass' breach showed that their database (at least at the time) wasn't properly secured, and it makes no sense to suggest a product that can't keep info secure.
There are 'local' based password managers that don't rely on the cloud for those that prefer to manage things themselves (where the security of the database is left to the user to keep secure, rather than a cloud provider at the exchange of only being able to access it on devices with local access to the database) but that's something that really should be left to each person to decide what 'risk' they want to take.
The tl;dr - if a password manager is going to be suggested, it should be one that can maintain a user's trust. I don't feel Lastpass should be the one suggested given recent events, and instead its better if people can do their own research and make their own decision on what they feel is best for them.
04-Mar-2023 16:02:32
- Last edited on
04-Mar-2023 16:04:21
by
Applejuiceaj
