• Ephera
    link
    fedilink
    arrow-up
    2
    ·
    4 years ago

    I used to have mixed feelings about password managers, thinking I’m exposing all my passwords behind just a single password.

    But without a password manager, it’s pretty much impossible to use a different password for each service. And that’s really the bigger risk, as services leak password hashes so often, if that hash gets bruteforced once, you’re fucked for every service where you reused that password.

    I mean, services can add Salt and Pepper to the password hashes to make bruteforcing the hash harder and the result less useful, but you unfortunately can’t rely on that.