12
Everyone pushing password managers but nobody talks about the single point of failure
Been in IT for about 8 years now. I keep seeing people recommend password managers like they're bulletproof. But last month a buddy of mine had his master password for Bitwarden phished through a fake login page that looked identical to the real one. Lost access to 200 accounts. Took him 3 weeks to recover everything. If your master password gets compromised, you lose everything at once. That's way worse than getting one account hacked. Does anyone audit their own password manager vulnerabilities or just trust the marketing?
3 comments
bettyfox, 14d ago
Your buddy's story about the phished login page is exactly what scares me. I've been using one for years but I honestly never thought about how easy it is to fake the login screen... people put all their trust in that one password. I actually take it further than most though - I keep my email and my most critical accounts like banking on a totally different password system that isn't in the manager at all. It's a pain to remember a few extra passwords but it means if someone does get my master password they can't drain my bank account or lock me out of my email. Nobody talks about having a backup plan for when the manager itself fails.
4
jana119, 14d ago
Honestly that's a really smart way to look at it. I've noticed a pattern where we just keep piling trust onto one thing without thinking about what happens when it breaks. Like with cloud storage, everyone just assumes their photos are safe until the company shuts down or gets hacked. Same with using the same email for everything: if that gets compromised, you're toast. People just don't think about the backup plan until they need it.
1
john_cooper, 13d ago
Did you catch that LastPass thing from a few years back where their whole vault got stolen? Makes you think twice about putting everything in one basket.
8