Password Managers - Do You Really Need Them?

For the longest time I’ve just used the built-in password saver in Chrome or Firefox. Recently I had a couple of my accounts hacked. My SnapChat was most likely because I set it up with a password that I use commonly and never remembered to change it. My Uber account was hacked by someone with a Russian IP. My iCloud has never been completely broken into, but there have been several failed attempts over the past couple years where I’ve had to reset my password because someone kept trying to get into it using the wrong credentials, and one time I woke up to about 900 separate messages from different numbers, all in Chinese or something, all saying the same thing.

So I understand that no matter what I do, I can’t really stop people from sending me texts unless I want to block all unknown numbers, but I don’t really want to do that. I also can’t stop people from trying to log into my accounts. A password manager won’t prevent someone from making an attempt. I use 2FA on everything that gives me the option, just in case.

But what’s really the advantage over using something like LastPass or DashLane compared to just using the built-in password manager? Firefox has a master password option, which can help prevent someone from using your passwords if they get physical access to your device. DashLane requires me to enter my password any time I have closed out of it completely (so any time I start my computer, or if I exit out and open it again), and it offers 2FA. I’m not sure if Chrome has a master password. I’m not too worried about that though, because I keep a careful watch over all of my electronics.

What I DO like about password managers is using them to automatically generate and store super strong passwords. I imported all of my stuff from Chrome to DashLane and you can run a security report and have it change everything for you automatically, or select individual sites. For now, I’ve just updated weak passwords, and changing them to 20-long, random mix of characters. I believe LastPass has the same feature. I actually tried LastPass first because a guy from work recommended it, but I prefer DashLane’s interface.

But…you could effectively produce the same result in Chrome, you’d just have to do it manually. It would just take longer because it wouldn’t be automated.

So at that point, convenience aside, the only real difference is the company’s security policies. Is Google or Dashlane more secure? Which is less likely to get broken into and have all of your passwords compromised? I feel like it’s only a matter of time until they get broken into and all of your passwords and other data is compromised. Thus is the way of the cloud. And I feel like that is where the password manager shines. Convenience. If they are all compromised, you can reset a whole buncha passwords at the same time. But is it worth $4 a month?

This is more of a rambling / brainstorm than an official analysis. I’m too tired for that right now.

I’ve never used a password manager, I’d assume Google would have the more secure servers, but do password managers store the encrypted passwords on servers or locally on your machine?

I use KeePass 2 for the important stuff and Chrome for the rest

That’s kinda what I’ve been thinking. It’s Google.

DashLane keeps data on their servers IF you use their sync feature. If not, they are stored locally.