
Dashlane's Super Bowl ad proves password managers have arrived - lapost
https://www.wired.com/story/dashlane-super-bowl-ad/
======
jordanpg
The biggest problem I see for the widespread adoption of password managers is
the problem of edge and corner cases.

I can teach my parents how to use one of the more user-friendly ones, like
Dashlane or 1Password, and it works great much of the time.

But for some percentage of sites, for a variety of reasons, the standard steps
don't work: non-standard web forms, JavaScript games, browser updates, obscure
password rules, just to name a few common issues. For non-technical users,
these issues are blockers -- indistinguishable from show-stopping bugs from a
UX standpoint.

Since using a password manager really needs to be an all-or-nothing
proposition in order to get into the habit of using it 100% of the time, this
means that most users will not use one.

I'm sure the commercial managers will get better at addressing some of these
over time, but I do not see a product that works flawlessly 99.9% of the time
emerging anytime soon.

~~~
apeace
An edge case I come across quite a lot: entering a long, random password into
a new device (where copy-paste is never available).

I just got a new TV and wanted to sign into my Amazon Prime account.
Unfortunately for me, that meant I had to enter my 32-character
numbers/lowercase/uppercase/symbols Amazon password using the TV remote. I did
not get it the first time.

A few months ago I got a new iPhone. They wanted me to type in my iCloud
password so that all my settings and data could transfer automatically to the
new phone. Similar results.

~~~
Moeancurly
XKPasswd[0] is a nice tool to create easy to type and strong passwords. I set
my own config with a structure that is specifically easy to type on phone
keyboards but still has high entropy.

[0]: https://xkpasswd.net/s/

------
1024core
> Last fall, 1Password took in $200 million of outside money.

(insert "but why?" meme)

All I want from a password manager is to securely store a list of passwords.
That's it. Add in copy/paste functionality, and I'm all set.

I don't want to pay a monthly fee just to store a KB or two of data.

~~~
velomash
IMHO paying for password storage solutions is the best way to get security. A
robust solution will need updates, fixes, and improvements. The team building
those will be paid somehow. Paying customers assure that ad networks and other
nefarious actors cannot incentivize weak security practices.

Sure. We could all evangelize some esoteric command line FOSS system, but the
general public NEEDS secure password management.

~~~
zzzcpan
What "security" could you possibly get from password storage with subscription
and automatic updates that you can ignore the risks involved?

You are giving a centralized 3rd party identifying information about you
because of the subscription, control over your passwords because of the
updates and you have to believe and trust it's never going to deny you access
even without payment, issue an update to steal those passwords or be hacked by
someone who does the same or hacks you through it. Oh, and they can do all the
surveillance capitalism business models since they have access to the websites
you visit.

~~~
jeffshek
The same security a bank gives you with a vault with guards.

Sure, you could put the money in your safe at home, but security always has
tradeoffs.

~~~
CryptoBanker
Banks have an absurd number of regulations, and for good reason. Are you
suggesting password managers should be regulated similarly? I'm sure that
"small" fee would increase very quickly.

------
mysterypie
> _Once you’re locked into one company, there’s not much incentive to switch.
> In fact, doing so can be a real hassle, since it requires resetting all
> those passwords all over again._

Why would it be a hassle? It should be trivial to switch password managers. Do
some not allow you to export or import data?

This brings up another question: How can VCs justify $200 million in funding
for businesses with essentially no customer lock-in?

~~~
newscracker
> Why would it be a hassle? It should be trivial to switch password managers.
> Do some not allow you to export or import data?

I’m not sure why TFA says it would require resetting all passwords, but to
answer your point, not all password managers have the same features. For
example, Bitwarden doesn’t have enough structured types to accommodate things
like software licenses, WiFi passwords and other things. When you import such
data into it from another password manager’s export, all this data will be in
some broken up jumbled format that’s not easy to use or is probably
incomplete.

For simple website logins though, every password manager should be
interchangeable with another through export and import features.

------
whoisjuan
If only password managers were consistent across all devices and apps. But I
think it is by far the most broken experience in any cross-platform use case.

Since I’m an Apple user I would love to use their keychain but if I want that
consistency in my browser I need to use Safari and I prefer Chrome.

If I was an Android user I guess I would get the Chrome keychain by default in
my Android device, but not making that switch just for a password manager.

I also have 1Password at work and personal 1Password but I don’t use it
anymore because I have found that it is pretty easy to save passwords to my work
vault which apparently will be completely lost if I ever separate from my
company.

So now I’m forced to consider something like Dashlane to get the cross
environment experience but then again it will probably be very broken.

Basically passwords are the most terrible user experience that you need to
deal with.

It’s like having to go and do your necessities before the toilet existed. It
probably was wildly uncomfortable and inconvenient.

Someone needs to invent what toilets are to shit, because the password
experience is just that shitty.

~~~
Semaphor
> If I was an Android user I guess I would get the Chrome keychain by default
> in my android device, but not making that switch just for a password
> manager.

You could actually get whatever you want, PW managers can register themselves
as one system-wide (at least in newer Android versions).

~~~
ollie87
They do on iOS now too. That's how I keep my passwords sync'd across multiple
platforms using Firefox Lockwise.

~~~
whoisjuan
But does it work with the native keyboard when it sees a password field?

Edit: Never mind. I see it now. I need to explore this. It's just that it can’t
be 1Password for the reasons mentioned above. Any good alternative that
someone can recommend?

~~~
newscracker
You could try Bitwarden (it’s not as rich as 1Password, but is adequate for
web logins, cards, etc.). You can even self host forks of it if you wish. You
get a lot for free, but it also has some paid tiers that are quite cheap with
additional features.

------
dpflan
Glanced at Dashlane's Privacy Policy, but perhaps someone else is more aware:
strong secure passwords and management is useful, but does this mean there are
changes to essentially profile users and shared data with 3rd parties?
Basically, I have Dashlane manage my accounts for X, Y, Z, etc services, my
services profile is useful information for advertisers, right?

The benefits of strong secure password use more pervasively are overall good.

------
j7ake
passwordstore.org is still the best password manager I know of.

https://www.passwordstore.org/

Add in a GUI and you're set.

https://qtpass.org/

~~~
newscracker
A huge usability bump comes with browser extensions (or integration with the
mobile OS password auto fill mechanism) for the popular password managers.
I’ve used auto type from some password managers that don’t have browser
extensions, but the experience is not as quick or seamless.

~~~
philsnow
I use 1Password at work, but I don't use the browser extension. Instead of the
extension entering the password, I just copy it out of 1Password with a
keyboard shortcut.

My browser extensions are really minimal: HTTPS Everywhere, Privacy Badger,
React dev tools. The browser is the modern operating system, and in general
you should reduce your surface area as much as is reasonable.

