SomethingMatter t1_j81ugyu wrote on February 11, 2023 at 12:21 AM

Reply to comment by CervantesX in Millions of passwords stolen from LastPass earlier than company disclosed: Report by BasedSweet

You have two options:

Put your passwords in a password manager - this can be local only
Remember all of your passwords

The second one means that you will either have duplicate passwords or a system in place where a person who knows one password can figure out the others. The only real option is a password manager. All password manager worth anything won't be able to get hold of your passwords without you first entering your master password so the trick is to keep a good master password and you should be fine.

spsteve t1_j85ta1m wrote on February 11, 2023 at 9:15 PM

Local is the big part here. Password manager sites just are too big a target.

CervantesX t1_j88dm1i wrote on February 12, 2023 at 12:15 PM

Don't make it sound like it's that hard to make a site-unique password scheme. And all it takes is buying a domain name, and you can have unique site-specific login emails as well. Even if one of the sites gets hacked and your L/P are in plaintext, it would take an actual person intentionally targeting just you to even have a hope of noticing your scheme, let alone figuring it out. Sprinkle in some 2FA and there's no way anyone is finding another accessible account before that site auto locks for bad logins, and/or you notice all the notifications thereof.

Or you can put your entire life worth of passwords into the hands of a company dedicated to making as much profit for as little work as possible, and hope it works out for you.