
The alternative right now is to use the same password everywhere. That's even worse.

If one site is breached, you have to go change your password everywhere. By using a password manager, if one site is breached you just have to change that one password for that site. Using the same password everywhere is a real concern that should be avoided at all costs.

LastPass's breach is the exception to the rule. Generally speaking password managers have had a far better go of things than LastPass has.

By far, using a quality (LastPass is not one of them and frankly never has been) password manager is likely going to be the most secure thing that any average user uses every day.

This breach is much the same as the typical media stuff; hyperbole does no one any good. One bad thing happens and the sky is falling (hyperbole). No, the sky is falling for that app (LastPass) but not for every password manager. You have two really good options: Bitwarden and 1Password. I, personally, wouldn't touch any others that are cloud-based. Local password managers are another matter, but they're simply a non-option for me and I'm not willing to give up the convenience, or the administration abilities that come with it in a business environment.




> The alternative right now is to use the same password everywhere. That's even worse.

Or to just use the browser's saving functionality and never push your passwords online in the first place. They're probably only using one primary device like me; I generally don't log in to stuff on my phone, or personal stuff on my work laptop/work stuff on my personal laptop.

If their habits are like mine then these cloud password services are pretty pointless.


You're unlike most people in that regard. I'm signed into services on at least two or three devices -- a desktop, a laptop, and my phone.

Also, with your setup, what happens if the computer with the browser containing all of the saved passwords is destroyed somehow?

I don't know if this has changed, but a few years ago the stored passwords in Chrome were stored unencrypted in a sqlite3 database (on Linux, at least). I'd use an audited service such as Bitwarden or roll my own KeePass thing before using the browser's saved password feature. All it would take is one RCE exploit in a browser to expose your passwords.


> Also, with your setup, what happens if the computer with the browser containing all of the saved passwords is destroyed somehow?

This has already happened a few times over the past decade: I restore from local backups.


Okay, one step further then. What happens if your house burns down? Eventually you will want some sort of offsite backup.

Also: https://ohyicong.medium.com/how-to-hack-chrome-password-with...

Passwords are still easy to obtain outside of Chrome, and apparently Firefox is just as easy.

By using the browser's saved password feature you are one RCE away from someone being able to automate the extraction of all of your passwords.


I have one, and a minimal one on my keychain, both in an encrypted disk image I do memorize the password for.

I'm pretty sure on Firefox if you have the master password set, they're actually encrypted, and it has done that for a long time.


I think that using multiple devices is probably by far the most common use case. Personally I have my own PC, a work laptop, and a phone that I regularly use, and a tablet that I use irregularly (but often enough that I want my account information available).


> The alternative right now is to use the same password everywhere. That's even worse.

What's wrong with storing them locally on your laptop or on a piece of paper in your wallet?


Storing on a laptop is inconvenient because I need to use them on my phone and other devices.

Storing on a piece of paper is inconvenient because there are roughly 350 logins in my password manager.


and because transcribing a password from a piece of paper encourages short passwords.



