SoylentNews is people
SoylentNews
A security consulting firm released a report on the safety of password managers. A non-geek, summarized version is also available at the Washington Post. (Summarized graphic of results.)
The password managers included in the study were 1Password 4, 1Password 7, Dashlane, KeePass, LastPass. Unfortunately, the testing was limited to Win10 even if the password managers were available on other platforms. They all had some flaws, but as reported, you should still use one. They were all tested for encryption method on the database, accessibility of the master password and keys in memory while unlocked, and the master password and keys in memory while locked.
All were evaluated to have adequate encryption on the file. 1Password 4 (which actually had better memory security than 1Password 7,) was best at keeping individual passwords safe in memory; while KeePass was best at keeping the Master Password safe in the memory tests (although Dashlane did the same while it while in a locked state.)
(Score: 2) by VLM on Thursday February 21 2019, @12:30PM
Given the option of:
1) Trust my cell phone provider not to F me over with 2FA, at least for "important financial stuff" (kinda a waste of time for online shopping sites using paypal or social media)
2) Trust no one to guess moron passwords like Password1-
3) Trust some 3rd party to store all my data and not get hacked themselves or MITM'ed or any person in the entire government or corporate structure of western civilization simply asking for the complete dataset.
4) Trust in my luck
5) Trust in gpg and a private git repo of encrypted files, one per site, with passwords looking like line noise generated by pwgen
I personally use a mix of 1 5 and 3. And I suppose 4, like everyone else.
I'm just not seeing a complicated problem like passwords being "fixed" by adding a theoretically corruptible and complicated 3rd party into the middle of the process.