If you agree that for MOST people a password manager is better than what they're doing (which is a dumpster fire) then yes—I've mischaracterized your argument all along and we're in agreement. Apologies.
-
-
Replying to @DanielMiessler @taviso
I thought you were specifically arguing that because some password managers were SO BAD that they're not automatically better for most people.
2 replies 0 retweets 0 likes -
Replying to @DanielMiessler @taviso
The problem here would have been having someone awesome like yourself convincing everyday people not to use password managers because they're higher risk than their existing dumpster fire—which is wrong. Glad we're in agreement. Again, nice find, and Happy Friday.
1 reply 0 retweets 0 likes -
Replying to @DanielMiessler @taviso
I think what he is saying is that he really wants to tell everyone to use password managers but every time he looks at one he finds major flaws. I feel just as conflicted.
2 replies 0 retweets 2 likes -
I hear you. And it's why I don't recommend them to people with good security hygiene. I think the risk is too high. But for most people—who have THE ABSOLUTE WORST security hygiene—it's my opinion that it's better for them. And that's 95% of people. Hence my position.
1 reply 0 retweets 2 likes -
Replying to @DanielMiessler @m8urnett
Do you think it must be a safe and trustworthy password manager, or is literally any password manager, even if it has a remote shell okay? Please explain why you won't qualify that it has to be a safe password manager.
1 reply 0 retweets 2 likes -
Tavis, when I recommend software I hardly ever tell people to find ones with lots of vulnerabilities. Again, I am NOT making the argument that the worst possible password manager is better than the best possible non-password-manager. And there are infinite shades in-between.
2 replies 0 retweets 1 like -
Replying to @DanielMiessler @m8urnett
I can't even parse this statement, what is a "non-password-manager"? It seems to be very hard for you to say that "Most people should use a safe and trustworthy password manager".
1 reply 0 retweets 1 like -
Most people should use a safe and trustworthy password manager.
3 replies 0 retweets 0 likes -
Not hard at all. Now, your turn. It seems very hard for you to say that for most people their online password security is SO HORRIBLY BAD that recommending they use a password manager is good advice. Happy to throw in that it should be a good one.
1 reply 0 retweets 0 likes
Tavis Ormandy Retweeted Tavis Ormandy
You mean like literally all the dozens of times I've said it, including the times that you immediately start arguing with me? Look who the first responder here is Daniel?https://twitter.com/taviso/status/842807269058207744 …
Tavis Ormandy added,
-
-
Surely even using a bad password manager with vulns is somewhat better than having Christmas1 as your password everywhere. The chance of an individual person’s password manager getting compromised is less than the chance of their bad and reused passwords getting compromised.
1 reply 0 retweets 2 likes -
That is a false dichotomy. The options are not limited to only using the same password everywhere or using a dangerously bad password manager, you could also use a safe password manager, like KeePass.
3 replies 4 retweets 2 likes - 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.