• tabular@lemmy.world
      1 day ago

      I’ve not found anything better. Storing on my computer, or worse someone else’s computer, doesn’t seem safe.

      • bdonvr@thelemmy.club
        1 day ago

        It’s pretty safe. Competent password managers will be heavily encrypted. Having your passwords hacked is essentially unheard of. You don’t have to worry about it being on someone else’s computer as without your master password the password file is useless.

        I think the biggest case was LastPass, and they did it by getting a keylogger onto a developer’s PC to get at their password, but afaik customer passwords were safe unless your master password was weak or reused from a breached one.

        But, a notebook isn’t hackable at all. But then the people around you could potentially get into it, which is a far more likely threat for a ton of people.

        Either way use 2FA at every site that will allow it.

        • greybeard@feddit.online
          1 day ago

          LastPass’s biggest problem was that they were almost the first in the game, and mistakes/choices they made 20 years ago bit them hard when they got hacked.

          There were two major issues with LastPass’s security model:

          1. Non-password data wasn’t encrypted. So usernames and URLs were visible to the people who stole the vaults.
          2. Passwords were encrypted with a number of iterations based on when the account was created, so older accounts were only run through a single iteration. The iteration process makes it much harder to guess the master password (by making it take a longer time). So a single iteration makes it pretty quick to guess the password.

          So with flaw 1 you could see what vaults might have valuable passwords like banks and crypto wallets. And with flaw 2 you could reasonably quickly break into the vaults of long-time users.

          So aside from their lax security allowing the compromise to happen in the first place (nothing is foolproof), they weren’t providing the level of protection most people assumed.

          More modern password managers like BitWarden fixed those problems a long time ago.
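
The effect of the iteration count described in the comment above, as an added example that is not part of the thread. It assumes PBKDF2-HMAC-SHA256 as the key-derivation function (the thread does not name one); the salt, the 600,000-iteration figure and the keyspace are constructed values.

```python
import hashlib
import hmac
import time

# Constructed sample values; nothing here comes from a real vault.
SALT = b"user@example.com"    # assumption: a per-account salt
LEGACY_ITERATIONS = 1         # the "single iteration" case from the comment
MODERN_ITERATIONS = 600_000   # assumption: a current PBKDF2-SHA256 setting


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the master password into a 32-byte vault key."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def unlocks(candidate: str, salt: bytes, iterations: int, stored_key: bytes) -> bool:
    """Checking one candidate always costs one full derivation."""
    return hmac.compare_digest(derive_key(candidate, salt, iterations), stored_key)


def seconds_per_guess(iterations: int, rounds: int = 3) -> float:
    """Best-of-N wall-clock cost of a single derivation on this machine."""
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        derive_key("correct horse battery staple", SALT, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def days_to_try(keyspace: int, iterations: int) -> float:
    """Single-core time to run every candidate in `keyspace` through the KDF."""
    return keyspace * seconds_per_guess(iterations) / 86_400


if __name__ == "__main__":
    keyspace = 10 ** 9  # constructed: one billion candidate master passwords
    for label, n in (("legacy", LEGACY_ITERATIONS), ("modern", MODERN_ITERATIONS)):
        print(f"{label:>6}: {n:>7} iterations, "
              f"{seconds_per_guess(n) * 1000:10.4f} ms/guess, "
              f"{days_to_try(keyspace, n):14.2f} days for {keyspace:,} guesses")
```

The per-guess cost scales linearly with the iteration count, so the same weak master password that falls quickly at one iteration takes several orders of magnitude longer to test at the higher setting.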

        • tabular@lemmy.world
          1 day ago

          One master password to rule them all, One server to find them, One password to bring them all, and in the darkness bind them.

          Yeah I use 2FA with the master notebook.

      • Bonesince1997@lemmy.world
        1 day ago

        The trick is to use code language, and don’t forget the code. Then you can use digital sources more freely, I feel.

    • Shifty Eyes@leminal.space
      1 day ago

      My ex kept hers in an unprotected Excel file. I never peeked, I was just surprised when I saw her accessing it on her laptop.

    • A_norny_mousse@feddit.org
      1 day ago

      It really depends what the user fills it with. “Clever” solutions like using your daughter’s birthday, or other hard-to-remember-but-easy-to-deduce strings.

      It should be accompanied by a little machine that spits out random passwords, I’m thinking a Rubik’s-cube-shaped bling pendant at the end of the bookmark band.