On 6/5/24 22:12, Joel Halpern wrote:
I think you are overgeneralizing in several regards.
If you only need your passwords on one machine, use a local password
manager (and back up the encrypted file).
If you need to have your passwords accessible on multiple machines,
you are going to have to do something more complicated. Whether that
is using a distribution mechanism, using cloud storage, or some other
choice I haven't thought of is up to you (I do not pretend to be a
security expert).
However, it seems that in all of those cases, ueing several different
products can only reduce your safety, as it creates more exposure as
far as I can tell.
I seem to recall several incidents in which password managers have been
compromised. So I think it's hard to make a responsible statement in
favor of password managers in general.
Of course, every user's threat situation is potentially different and
requires a separate analysis. But having "all of your eggs in one
basket" doesn't seem like good general purpose advice.
Keith
