some people are going to sacrifice safety for convenience.
What the Experts Say About Browser Password Managers
Browser Password Managers Are Convenient But Dangerous
Bottom Line, Get a Real Password Manager
Google Password Manager doesn’t use the zero-knowledge encryption techniques that protect password data from everyone, including the password manager company. It doesn’t even use a master password
https://mashable.com/article/google-chrome-manage-passwords-bad-idea-privacy-leaks
@ecksmc My recommendation would be BitWarden. I started with LastPass and I'm still with them mostly because I don't want to change and I understand their security model.
Yes, they were hacked but their security model wasn't broken. It held. Beautifully. The hackers used side channel attacks to gain access. The story isn't over either but I've already changed all of the important passwords that were stolen.
Also, setup 2FA on the most important: all financial, identity, and email accounts.
@ecksmc True about 2FA but I just don't like the extra hassle. If they really want to hack any of a thousand accounts I've had to make for access to a site (not sites I actively use to post content to) then they can knock themselves out.
@danielbsmith yeah Bitwarden is a good choice - I switched to another PW manager though
they had an audit done recently also
https://counter.social/@ecksmc/109958631627504415
some issues were found but weren't classed as not severe
Three of the four issues that the security researchers discovered during the audit have been addressed, the fourth is under investigation
any service that offers 2FA you should use not just important stuff 😉