I hear you. And it's why I don't recommend them to people with good security hygiene. I think the risk is too high. But for most people—who have THE ABSOLUTE WORST security hygiene—it's my opinion that it's better for them. And that's 95% of people. Hence my position.
Replying to @DanielMiessler @m8urnett
Do you think it must be a safe and trustworthy password manager, or is literally any password manager, even if it has a remote shell okay? Please explain why you won't qualify that it has to be a safe password manager.
1 reply 0 retweets 2 likes -
Tavis, when I recommend software I hardly ever tell people to find ones with lots of vulnerabilities. Again, I am NOT making the argument that the worst possible password manager is better than the best possible non-password-manager. And there are infinite shades in-between.
2 replies 0 retweets 1 like -
Replying to @DanielMiessler @m8urnett
I can't even parse this statement, what is a "non-password-manager"? It seems to be very hard for you to say that "Most people should use a safe and trustworthy password manager".
1 reply 0 retweets 1 like -
Most people should use a safe and trustworthy password manager.
3 replies 0 retweets 0 likes -
Not hard at all. Now, your turn. It seems very hard for you to say that for most people their online password security is SO HORRIBLY BAD that recommending they use a password manager is good advice. Happy to throw in that it should be a good one.
1 reply 0 retweets 0 likes -
Replying to @DanielMiessler @m8urnett
Tavis Ormandy Retweeted Tavis Ormandy
You mean like literally all the dozens of times I've said it, including the times that you immediately start arguing with me? Look who the first responder here is Daniel? https://twitter.com/taviso/status/842807269058207744
1 reply 0 retweets 1 like -
Surely even using a bad password manager with vulns is somewhat better than having Christmas1 as your password everywhere. The chance of an individual person’s password manager getting compromised is less than the chance of their bad and reused passwords getting compromised.
1 reply 0 retweets 2 likes -
That is a false dichotomy. The options are not limited to only using the same password everywhere or using a dangerously bad password manager, you could also use a safe password manager, like KeePass.
3 replies 4 retweets 2 likes -
Yes of course. Nobody is debating that one bit. I just think that Dan’s point is that a disproportionately large number of people have security hygiene that is that bad, and even a mediocre password manager would be an improvement.
2 replies 0 retweets 1 like
There will never be a situation where you're forced to choose between recommending one of those two options. You always have the option of giving better advice, so why argue about which rotten apple tastes best? Just get a fresh one 