The argument is that when compared to what most people do—which is just reuse the same garbage passwords across most of their sites on the internet—using most password managers (and definitely the good ones) is an improvement.
-
-
Replying to @DanielMiessler
As I have never made a statement that disputes that, and regularly hear from people like you how wrong I am, how can that be the argument? Here is what I think the argument is: You really *really* want "use a password manager" to be good advice. So do I.
2 replies 0 retweets 16 likes -
Replying to @taviso @DanielMiessler
It's simple, easy to follow advice. But, like most things in security, it's not that simple.
1 reply 0 retweets 17 likes -
Replying to @taviso
I don't know what other arguments people are making. If they're saying a password manager is ALWAYS better than not using one, then that's clearly wrong. My argument is about USUALLY—for most people—based on how horrific the alternative is of sharing weak passwords everywhere.
1 reply 0 retweets 1 like -
Replying to @DanielMiessler
Then find me the statement I've made that you disagree with. If I've never said anything you disagree with, then why do you keep trying to argue with me?
1 reply 0 retweets 8 likes -
Replying to @taviso
If you agree that for MOST people a password manager is better than what they're doing (which is a dumpster fire) then yes—I've mischaracterized your argument all along and we're in agreement. Apologies.
1 reply 0 retweets 2 likes -
Replying to @DanielMiessler @taviso
I thought you were specifically arguing that because some password managers were SO BAD that they're not automatically better for most people.
2 replies 0 retweets 0 likes -
Replying to @DanielMiessler @taviso
The problem here would have been having someone awesome like yourself convincing everyday people not to use password managers because they're higher risk than their existing dumpster fire—which is wrong. Glad we're in agreement. Again, nice find, and Happy Friday.
1 reply 0 retweets 0 likes -
Replying to @DanielMiessler @taviso
I think what he is saying is that he really wants to tell everyone to use password managers but every time he looks at one he finds major flaws. I feel just as conflicted.
2 replies 0 retweets 2 likes -
I hear you. And it's why I don't recommend them to people with good security hygiene. I think the risk is too high. But for most people—who have THE ABSOLUTE WORST security hygiene—it's my opinion that it's better for them. And that's 95% of people. Hence my position.
1 reply 0 retweets 2 likes
Do you think it must be a safe and trustworthy password manager, or is literally any password manager, even if it has a remote shell okay? Please explain why you won't qualify that it has to be a safe password manager.
-
-
Tavis, when I recommend software I hardly ever tell people to find ones with lots of vulnerabilities. Again, I am NOT making the argument that the worst possible password manager is better than the best possible non-password-manager. And there are infinite shades in-between.
2 replies 0 retweets 1 like -
Replying to @DanielMiessler @m8urnett
I can't even parse this statement, what is a "non-password-manager"? It seems to be very hard for you to say that "Most people should use a safe and trustworthy password manager".
1 reply 0 retweets 1 like - 7 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.