I'm a tech savvy person and still don't use a pwd manager. I have a base password with extra stuff added at the end that I can figure out from the domain name. I want to use a password manager but it seems to me to not be easy as you claim.
It's nowhere near as easy as you hand wavingly claim it is. Last time I tried the one everyone said to use had been bought and everyone was saying don't use it, but the other alternative didn't work on mobiles (or something, I forget) properly. I even had one installed for a bit but it never seemed to work so I gave up.
It's still a broken ux with a non-trivial cost of using it.
I know I should use it, I know when I get hacked I will regret it. I do use 2 factor for the important stuff, because it works and is actually easy, unlike the bolted on clunkiness of password managers.
If password management software was so easy, my mom would use it and my dad wouldn't call tech support every week to figure out how to use his. I'll say that it's better than it has been, but I can't call it easy.
My point wasn't that an actual password manager would be easier. My point was that a text document on the computer would be as easy/easier to keep track of than a piece of paper.
It might reasonably be argued that it's less secure, since it's pretty hard to hack an air-gapped sheet of paper. But it's not harder to use.
Password managers help mitigate the second problem (passwords being hard to use correctly) but do absolutely nothing for the first one (passwords being easy for users to shoot themselves in the foot with by using them incorrectly). Even the most user-friendly, well-designed password manager is still less convenient than just re-using the same password everywhere.
Exactly - it's not just convenience. Without a password manager how the hell can you actually keep unique passwords that are completely unrelated on all your sites? You can't.
For me password manager is all about practicality.
reply