Allowing convenient use of strong, unique passwords per-account IS the job. If a user can't quickly access their passwords on all their devices, they're going to fall back on just typing it in. And in real life, that means they pick easy passwords and reuse them in lots of places. This opens them up to attackers who either guess the password, or take a password learned from one site and try the user's accounts on other sites.

A great password manager does the following:

1. Makes it easy to generate strong, unique passwords per-site every time an account is created.

2. Applies an expensive key derivation function to your vault password to make brute force impractical for all but the weakest passwords, so that stealing vaults is of minimal value.

3. Does not ever transmit your vault password off your device, so that an adversary who can intercept every vault file and every plaintext byte of traffic going to and from the server still cannot do better than a brute force attack against the vault.

4. Does all 3 of the preceding with a rigorously designed process that is regularly audited by multiple experts, and actively monitored to ensure that these things really are happening throughout the lifespan of the product.

5. Syncs across devices and integrates very well with the browser so that users have no incentive not to use it.

Lacking any one of those elements greatly compromises effectiveness. Homebrew solutions can be pretty dodgy about all of them, and #4 and #5 are particularly difficult even with a large budget and staff.

I'd say Bitwarden and 1password have earned excellent reputations for doing all 5 of these things. LastPass's reputation is not so great.

I use a password manager because I have multiple devices and a cross platform solution that I can access is a straightforward solution. A local password manager like Keepass is still vulnerable to attack by a compromised system. A well architected password manager is going to not store the decryption keys on their servers and only allow the password vault to be decrypted locally so if they get breached, they would still need to have your master password to gain access to the data. A malicious update could allow them to steal your information but so could a malicious Keepass or OS update.

Using a password manager with a strong password and multifactor authentication is mitigating so many security issues off the bat the new risks it introduces can be small.

Bitwarden has not had any of the problems you listed and can be self hosted.

They're best known for being an identity provider but they do have a password manager product[0], which is what I think OP is referring to.

[0] https://www.oktapersonal.com/

Something that does not sync between devices does not do the job.

https://www.dashlane.com/download/whitepaper-en.pdf

Keepass has nice clients but some require bringing my own sync(syncthing frequently failed due to conflicts) and some apps went out of maintenance. Some supported ones like dropbox/gdrive but frequently broke integration every other month due to api changes. Also, when I want to use 2FA, a basic synced encrypted file doesn’t work and having 2-3 apps(most standalone OTP apps needs my phone number or email or credit card) scattered between different platform. Basically after 10-15 credentials, it becomes maintenance headache.

What the likes of 1Password/Bitwarden/Lastpass(naughty naughty …) does is, they provide ubiquitous experience on all of my devices and seamlessly does the sync for a very little price(bitwarden 1year is only €10/-, that is dirt cheap compared to one falafel bread cost me €6+) removing all of the maintenance and management headache.

As for security, I would trust bitwarden or 1Password more than random unmaintained keepass app with self managed syncing and random loss(fixing sync conflict on a keepass db is super risky domain of severe data loss!). Also it is their business to manage my passwords and if hackers are harvesting passwords easily from them, what makes you think that hackers can’t do that on the very website that you enter your credit card details?

Password managers are major improvement in quality of life and security. Heck, I don’t even know 99% of my password, I just click generate and autofill without having to think about all arcane 1 uppercase, one special digital rules on different websites.

—EOR—

Using a cloud sync password manager allows me to follow best practices in having complex, unique passwords for each account.

Data breaches and password leaks at random websites are a much more common attack vector than all of your encrypted passwords being exposed via a password manager.

> Through these hackers can generally get passwords of all users of these services

I'm not sure that there's really evidence or history to back this up. As far as I know even the LastPass data breaches only exposed encrypted passwords, not decrypted ones.

For companies, the benefit is that shared credentials can be distributed to employees without people pasting them in slack, email, or other insecure services.

That access can be revoked by policy if say an employee leaves the company, and new credentials can be generated for all the employees who remain.

In the early days they did not set a minimum length and they did not increase users settings once it became clear it wasn’t enough.

1. Syncing. You mentioned it, but its actually pretty big. Its hard to do this right, and I don't trust myself. This is especially true on devices without normal OSs like phones.

2. Autofill. Just having a plain text file means I have to constantly go to it. Its a pain, I want autofill.

3. Password generation. Just a text file means I use shitty passwords everywhere. Auto-generated passwords are truly random and much more secure.

4. Recovery. My father passed away a few years ago. The fact that he had all his stuff in a password manager with me as a recovery person meant the transitional period was way easier. Instead of having to deal with tons of customer support for months I was able to manage his affairs the next day.

5. Integrations. For example some managers can plug into TOTP services and autofill that for you. I don't personally use that, I feel its too many eggs in one basket, but some people like that.

6. Team/sharing. My work uses a password manager and its useful to store creds in a secure, audited, sharable way for certain services.

When you put it all together it adds up. It CAN be done with alternative means, and if you are super security conscious you may choose to do so, but for the majority of people its a good tradeoff.

This is one of those cases were putting my eggs in one highly battle-tested basket makes a lot more sense than trying to reinvent the wheel poorly.

But don't use Lastpass, OK?

1. I am an average user and want to store my passwords, and I don't want to have to think about them for more than 5 seconds, ever. I want some solution that will input passwords for me when I go to a website, and I don't much care about the actual security situation; I assume it's fine. From this perspective, an encrypted text file is a much worse user experience, and the potential for a data breach is not something I'm thinking about at all.

2. I am the CISO or similar security professional for a company. I can't let users just use whatever passwords they want: not only do I know it's a terrible idea, I'm bound by the controls in my security framework to do something to enforce password strength and encryption. So, I need users to do something else. Even if it's allowed by my security protocols, I am not going to trust the 500 people in this company to keep an encrypted text file of strong passwords that I have no oversight on. Most of them will use "password123" for everything, I know this for a fact. Instead, I want to enforce some password standards and rotation schedules, and have a dashboard that says "everybody has a strong password" that I can show off at a vendor security review or even just my personal performance review. That implies a SaaS product.

I'm not going back to a life without a password manager.

I'm not sure why you're rolling Okta in here, but Okta can a completely different thing depending on what you're referring to.

Single sign-on (with something like Okta) makes it so that a user doesn't need to manage a dozen passwords and enables an organization to limit access of a user's account if needed.

If you use an app with Okta SWA, you (as the admin) can create a password for users so your users don't have the responsibility of making a strong password. But this is only for stuff that can't use OIDC/SAML.

Ideally you'd use Okta with OIDC/SAML with your applications so your individual users won't have static credentials, and in this case, there isn't really a parallel here to some software you'd run locally.

I think the commenter was advising on the use of SSO in lieu of passwords where possible (at least in a corrosive context, but personally I use SSO via Azure AD wherever I can at home too.)

As an end-user, if you click on any tile, you get your application regardless if the authentication scheme is SAML/OIDC/static credentials. In the case where static credentials are required for a service, the end-user doesn't have to get a sheet of paper telling them the username to use. Instead, a script provisions a username/password behind the scenes and Okta is responsible for keeping the username/password safe.

Admittedly, I don't know if the traditional password manager companies offer a system like this, where you get a matrix of apps to choose from and the user is removed from knowing a username/password is being exchanged.

If you make life unlivable, either for yourself or for a group of people, you can expect security to fall by the wayside.

Real-world security isn't just about digraphs and compendia of named (known!) attack types, listed together with mitigations. (Although all that certainly helps!)

It is, unfortunately, also about maintaining and managing personal systems. No matter how scaled and nuanced, the security of any organization comes down to personal habits.

Password managers make it significantly easier to track, prune, maintain and manage identity across sundry & clastic platforms, and therefore, improve security.

If you want to manage passwords amongst family members, it's easier to set them up with one of the cloud services compared to Keepass. You also get some level of customer support, and don't have to worry as much about when your password breaks.

I personally have set up KeePass, made sure it's backed up regularly, and even set up a WEBDAV server to access it remotely. It works great for me, but I know how everything is set up. Strongbox for mobile access is the main reason I can actually use this, and this is a paid application that not everyone is willing to pay for. Experience-wise, other mobile applications for KeePass have not compared, and I have no idea how apps for Android compare, since I set up everyone with iOS devices. Sometimes, the connection to the server gets disrupted, and I have to reconnect. Not everyone wants to do this, and can have less confidence in the other supporting infrastructure.

As much as attack vectors exist, the biggest risk is you losing access to your own passwords (there's been enough lost crypto wallets you can read about on the internet). Compared to that, a cloud based service is better for a large group of people.

People use cloud-based password managers because they provide data resiliency. If you store your passwords locally only, you will have a day when your hard drive crashes, you've lost all of your passwords, and you will be in a very bad situation.

> The key difference here being that this is two way hashing so passwords can be decrypted.

There's no such thing as "two-way hashing". If you're worried that the master password password-hashing algorithm is crackable, that's fair, but that's only a problem if you use a weak master password. If you use a, say, 96-bit master password (e.g., 16 random base58 characters), then honestly you're pretty damn safe with even if a site only uses a single pass of SHA-256. But no one's using a single pass of SHA-256, they're using a PBKDF, which means you can use a few less chars in practice for the same security guarantee.

> In reality, there are a lot of attack vectors like MITM

The security of a remote password manager will only be as secure as the transport encryption, this is true. But TLS is pretty solid these days, the risk of breaking it is much smaller than other risks involved here.

> event logging or sometimes straight up storing data in plaintext

You will need to trust that the cloud-based provider doesn't store anything in plaintext. I trust my provider. I don't trust all of them.

I would add for the sake of the conversation that any good password manager worth its salt (pun acknowledged) is using end to end encryption that isn’t reliant upon the promises of TLS.

(Authenticated) encryption on the client is key to any syncing password manager being able to fulfill expectations of privacy and security.

Assuming you mean password manager services. If they can get a copy of the vaults at all, in a well-designed system they have to attack each one individually.

They also serve business use cases for sharing, and revoking access, to other services.

> So, why don't people use local password managers?

Because synchronizing between devices is an important factor in usability, even just for an individual, not even considering groups or businesses that would share access.

Local password manager vaults can also be stolen by malware, would result in the same catastrophic loss you suggest.

> Just a txt file encrypted with "master password" should be pretty damning to break into. And the reward for breaking in would be password for 1 person. (compared to 100k businesses).

Password managers do just "do the thing you'd want them to do", and because they have a well-defined use case, they can support extensive discussion about threat models, and can easily and coherently support lots of people benefiting from the best research and security, without each having to individually roll a solution.

A hosted service without persistent compromise is likely less vulnerable to an old copy of a vault, and an accidentally disclosed master password causing catastrophic failure.

Lastpass has some issues that look egregious in retrospect. The early exceedingly low-strength vaults that were never upgraded (only possible on login).

1password publishes research and pushes forward authentication management beyond password, e.g. passkeys, in a credibly cross-ecosystem way.

A password manager is a big database of passwords. There is a master password that decrypts the database and from there you can use your passwords. Notice that hashes are one-way operations thus not used in password managers. The benefits of using a password manager are that that users need to remember and handle only one password, that of their password manager, the rest of the passwords are unique and can be rotated quickly. Ideally, your password manager does a few more things, including taking precautions against leaving traces of passwords in memory etc.

There's another part of commercial password managers which is mostly convenience functionality. Passwords are synced across devices, specific members access specific passwords etc.

Some people do use local password managers, depending on their threat model (i.e., who's after them) and their level of expertise/time on their hands. Setting up something locally requires taking additional precautions (such as permissions, screen locks etc.) that are typically handled by commercial password managers.

Reg. Okta, Okta is an identity provider. In theory, identity providers can provide strong guarantees regarding a user, i.e., "I authenticated him thus I gave him those token to pass around". Strong guarantees can include a number of things, including Multi-factor Authentication, VPN restrictions etc.

Funny story: during an internal red team engagement on a previous employer of mine, we took over the local password manager of a subset of the security org, twice. The first time, they had a VNC, unauthenticated, with the password manager running and the file unlocked. The second time, a team conveniently used Git to sync their password manager file, with their password tracked.

With a single keystroke, while in a web browser where the majority of my passwords are requested, I fill in the username and the password for the site I am on.

Vs. an encrypted plain text file, it has the following advantages:

- A single keystroke in the web browser, vs. typing longer commands

- No searching through hundreds of entries. At most a small handful is shown if I have multiple logins.

- No worries about wiping my terminal scrollback buffer or forgetting to remove the temporarily-decrypted file.

- Correct password for correct site, and no thread of lookalike sites

- All devices have access to same password list, via Dropbox sync of encrypted DB files.

- Can store other structured data in addition to passwords. Even binary data like images.

- Can use is as a TOTP, but that is arguably a bad practice. It's convenient though.

This is surprisingly hard for non-engineers to get right.

- Where do you put the decrypted file before you can open it up in Notepad?

- Do you copy passwords to the clipboard, where other apps can spy on them in-flight to the destination?

- How do you sync the encrypted file across machines? How do you resolve merge conflicts?

- How do you backup the encrypted file and make sure you don't accidentally upload the decrypted copy?

- How do you share some passwords with your partner, some passwords with your phone plan's virtual family, some passwords with your cofounder, and keep yet other passwords to yourself?

Engineers can solve most of these problems but average non-tech people would probably fail at all of the above.

That said, I use an almost-stateless password generation scheme that involves PBKDF2-HMAC-SHA256 on master password concatenated with domain of service, but that solution isn't for everyone.

Out of curiosity, how do you handle versioning in your scheme? What about password strength requirements, length restrictions, etc.?

I have a JSON file that describes if a particular domain has certain restrictions, e.g. max length, ensure at least 1 symbol, ensure at least 1 uppercase, ensure at least 1 lowercase, etc. and then deterministically edit the password to match any such requirements.

Another way to do appease the idiotic upper/lower/symbol rules is to just append something like "Aa$1" to every password, though it reduces entropy for sites that have a max length.

These requirements are public information, and you could store this JSON file on a public github repo if you wanted.

I also store in this JSON file another piece of information, which is the Nth password on the site. The I run something like 500000+N irritations of PBKDF2 where N is the nth password I use on the site. The value of N for sites not in the JSON file is 0. If I need a 2nd password on a site due to it requiring me to change the password, I increment N and store in the JSON file. For this reason I store the JSON file in a private github repo. I know it's not the best practice but meh the value of N is not that sensitive compared to the master password, which is stored nowhere and has never been entered into a machine I do not own and trust.

I think I could get into that for personal use, but would dislike not having a place to store TOTP, recovery codes, usernames, etc. alongside the passwords.

You've answered your own question.

* Syncs between devices. I can login to my accounts in all my devices. If I can access my Dropbox account, I can access everything else with the master password.

* Auto password generation. I don't ever even bother looking at the passwords. Just generate something like 32 characters with all ASCII characters, including "special" characters. This goes a long way.

Having used KeePass (with Dropbox sync) since ~2018 I don't even know how people operate without a password manager. It's so intensely convenient. Just dump all the info in the database. I can even take notes in my database. Write my credit card number, SSN, other private info. Put SSH keys. Put website info. Describe where I put my tax documents. Password manager is a pointer to everything else.

And I think it actually improves security as while if my phone is breached, I’m screwed, I’m now able to use unique, high entropy passwords for the 200+ accounts I have. And I’d never be able to do that without a password manager.

I use iOS instead of lasspass, etc because 1) it’s included in the phone price; 2) apple’s security record is better; 3) the above reason about having a spof. If I use lastpass now I have two spots. And one spof is better than multiples.

These days I use KeePass but together with Syncthing to have it across all my devices. It's a bit of setup but I am in control and it works flawlessly.

Last word; check out Syncthing, it really is a ridiculously good software.

Seems like you answered your own question. While it is less secure, my password safe is synced across all devices. I can also easily share passwords with my family members and I can assist them with lockout issues. I don't think there's a nice solution for this with Keepass.

Also, a typical implementation is that the decryption is performed on your device. I don't think you send your key material to the provider but I don't know about all of them.

It is certainly a "keys to the kingdom" issue as you noticed, and I don't put 2FA reset credentials in the same place for example.

The major advantage when compared to a separate application (ie encrypted text document) is that the system/browser based url/context reduces Phishing, Clipboard jacking security issues.

Why does Okta exist? Primarily for their SCIM configuration (which is different and adds a level of org management)

Why do Lastpass and 1pass exist? Likely because Android/Chrome passwords weren't trusted yet and Apple keychain doesn't has as much of a consumer interface / cross platform concerns.

Backup & password generation seem to be the big ones. Secondary is sharing of password and cross-device sync. Third tier is probably browser integration.

Tiers here represent the overall decrease in the security profile as you move to higher tiers.

Finally a small nit -- if it's reversible, it's not hashing. Password managers necessarily store encrypted plaintext (not hashed) passwords because you have to be able to enter your password onto a website.

People have multiple devices, so syncing is needed for usability.

Some password managers are basically local, but with end to end encrypted syncing. If you have to move passwords around, why not use a solution that already does it in a secure way?

I keep the file tidy, in a very simple grammar, and I have some shell functions that, with the passphrase available, can retrieve the secrets programmatically.

I wouldn't trust it with my 401k login. But it's handy for this week's API tokens and the pizza place's phone number.

I do use a local password manager, personally. The disadvantage to doing so is that I don't get autofill of passwords and have to enter them by hand. I consider that a good thing, though, because it means that I end up memorizing the 3 or 4 passwords I use the most in a couple of days after generating them.

I had a phishing attack against me prevented by a password-manager; I ended up at a pixel-perfect copy of the login-page, with the domain of original link I clicked on being correct (it used an existing URL redirector on the original domain). It wouldn't auto-fill, so I looked at the address bar and gasped.

So I use a standalone password manager on my phone instead.

Or Bluetooth controlled robot hands. I will go with the latter.

Your answer is in your post:

> Obviously, this would be less convinient and wouldn't sync between devices.

That said, any linux user a little bit curious/nerd could use pass + passFF + git (or any self-hosted or not git repo) + password-store (if they want it on their phone too).

That's your answer right there ^

I am a security engineer, and this isn't dumb. It's a very well thought out, smart question.

I'm not going to try to out do the other answers, but will point out, most seem to underweight the importance of social proof, and convenience

Does it work on Android or iOS?

Good luck cracking that remotely.

I honestly don't know. Keepass + syncthing is really fantastic and very secure. I guess some people have bought into this "services are convenient" narrative, which I don't really think is true at all. There's nothing convenient about finding out that your password database has leaked online, verifying your new machine with SMS 2fa, doing everything in a browser in a web app. Having a file in a directory that's just always there and up to date is convenient, adding a new syncthing directory pair when you get a new machine and then being able to forget about it after that is convenient.

I have no idea.

I use a locally encrypted store, and have done so for almost 10 years. I keep thinking to myself "there's got to be something better, surely I could make an external device..." but it remains to be seen.

The few times I have, I've used adb.

My reasons for doing so are, in roughly descending order of importance:

1) It makes it easy for me to have a unique, complex password for each service/account. This limits my exposure to third-party data breaches. If a service I'm using stores their passwords in plaintext, and they get hacked, my exposure is limited to only the impacted accounts

2) I can easily share it across multiple devices. I regularly use macOS, Linux, Windows, iOS, and iPadOS. Bitwarden has clients available for all of these, and they work "well enough".

3) Convenience. For most services, I store my MFA key in Bitwarden alongside the password. I can therefore log in to those services with a few keystrokes: Cmd/Ctrl+l to fill username/password, and Cmd/Ctrl+v to paste the TOTP value. Of course, this increases my personal exposure and decreases the effectiveness of enabling MFA. For critical services - access to production systems for work, financial services, etc. - I have a hardware token that I use. It's not nearly as convenient, but it's good enough to be usable in the cases where I need a higher level of security

4) Sharing. I have a couple hundred accounts that I share within my immediate family.My wife, my kids, and even my own parents have Bitwarden installed on at least one of their devices. I've set up organizations so I can easily share credentials with them. This makes it much easier to have reasonable security on things like my Blink (security cameras) account while not having to physically access their devices to log in for them the first time.

5) Continuity. By having all of my credentials in one place, I'm able to store a physical copy of my Bitwarden credentials in a safe place. If I die unexpectedly, my heirs will have immediate access to all of my accounts. Because that system is the same one I use day-to-day, I don't have to worry about updating a "backup" or having it drift out of sync. I can also rotate my password frequently where appropriate and be confident that those changes will be propagated to my backup without my having to take additional steps to make it happen.

Obviously, the downside is that Bitwarden is then my single point of failure. I mitigate that to the best of my ability. Sign-ins from new devices requires a TOTP that lives on my hardware token or confirmation from one of my existing devices. If my Bitwarden account were to be breached, it would be a huge pain in my ass for sure. The attacker would be able to impersonate me on multiple sites, and perform some actions - off the top of my head, the most impactful one is that they'd be able to drain my checking account. That account only has my "working cash" for half a month at a time, though. All of my savings and investment accounts require at least a TOTP from my hardware token.