So all my passwords are locked behind a single password? Isnt this essentially the same as using the same password for every site. In that they only need to cracl o e password to have access to everything?
In theory, yes but if you use a good password manager and have a strong master password the encryption should be practically impossible to break.
The fact that you only have to remember one password means that this password can and should be a very strong one. 20+ characters with upper and lowercase letters, numbers and symbols should take centuries to crack.
For example, consider the case of a 1Password vault falling into the hands of an attacker. They do not have the option to just crack your password, as the password is mixed with a randomly generated value to ultimately derive the key. They would need to simultaneously brute force your password and that random value. This should almost be impossible. However, given access to a client that already has knowledge of the secret value, it would fall back to brute forcing the password.
So all my passwords are locked behind a single password? Isnt this essentially the same as using the same password for every site. In that they only need to cracl o e password to have access to everything?
Just don’t use your master password anywhere else than your password manager.
If your password manager only works offline, then it is impossible to leak on the internet.
Depends if you trust your password manager site more than either site you put the same pw into
In theory, yes but if you use a good password manager and have a strong master password the encryption should be practically impossible to break. The fact that you only have to remember one password means that this password can and should be a very strong one. 20+ characters with upper and lowercase letters, numbers and symbols should take centuries to crack.
This is not necessarily true.
For example, consider the case of a 1Password vault falling into the hands of an attacker. They do not have the option to just crack your password, as the password is mixed with a randomly generated value to ultimately derive the key. They would need to simultaneously brute force your password and that random value. This should almost be impossible. However, given access to a client that already has knowledge of the secret value, it would fall back to brute forcing the password.
deleted by creator