Hacker News new | past | comments | ask | show | jobs | submit login

I don't think that's true. The scenario you presents requires the user to already be compromised by the attacker. What does it matter if they use a password manager or remember and type their passwords manually, if the attacker has access to your machine?

Of course there is a trade-off with the master password, but on the whole, I'd say it's a definite security win, because the user only has to remember one strong password instead of many, and an attacker only has an advantage if they've already won anyway.




>What does it matter if they use a password manager or remember and type their passwords manually

The main difference is amount of information attacker will get. With passmanager, he will get everything instantly once you type master. With manual typing, he will have to wait until you tell him about every single account, one at a time, so it's a bigger risk for him to get caught.

And password managers, in general, give average Joe false sense of security. So he starts storing everything in them. Bank accounts, credit cards, you name it. And once he gets hacked, amount of damage he receive will be much greater.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: