Regular readers of this blog know that I’m not a fan of password managers because using one is like placing all of your eggs (i.e. your entire digital life) into one fragile basket.
Think about it for a moment. If the passwords to all of your online accounts are stored in a single database, what happens if that database is somehow breached by hackers?
That’s right – the hackers will have immediate and full access to your entire digital life!
The companies behind the most popular password manager apps and services go to great lengths to explain how their products safeguard your passwords and the precious stored data and information they protect.
Truth be told, they really do put in a great effort to make their products as secure as possible. Unfortunately, that doesn’t really matter. Here’s why…
As this quick Google search shows, there have been numerous incidents in which some of the most popular password manager tools were either breached outright or found to have software flaws that would have made a breach possible had they not been discovered and patched.
Two of the most prominent examples are the OneLogin and LastPass breaches, both of which were extensive and quite serious.
I’ve said it before, and I’ll say it once again: Password managers aren’t as secure as most people believe them to be.
After all, they are just software products at their core, and all software products have the potential to be “buggy” – and thus potentially breached by hackers.
If a single app or online service is storing all of your usernames and passwords, it’s easy to figure out what would happen if that app or service were to get hacked.
Now, all of the above being said, there’s yet another reason why using a password manager app is a bad idea: If you forget the master password or otherwise get locked out of your account, you’ll be unable to log in to ANY of your online accounts unless you’re able to reset those passwords on their respective websites.
That’s why I recommend skipping password managers altogether and using strong yet easy-to-remember passwords instead.
Bonus tip: After you have your passwords squared away, I recommend that you also enable Two-Factor Authentication on every account that supports it to lock those accounts down tight.