I'm quite hesitant towards using a password manager. All secrets are protected by only one single password, and to make the tool useful, it should be accessible from anywhere and I would use it quite often too, increasing the limit of my master PW being stolen (whatever way, keyloggers, shoulder surfers, cameras...). Thus, I'd rather memorize a handful of unique high-security passwords for important services and one or two low-security ones for all the rest I don't care about.
Of course, it's a different situation when e.g. managing many sensitive servers which you only access from work or so.
All secrets are protected by only one single password, and to make the tool useful, it should be accessible from anywhere and I would use it quite often too, increasing the limit of my master PW being stolen (whatever way, keyloggers, shoulder surfers, cameras...)
True, though your handful of passwords can be stolen in the same way.
With a password manager, you:
- ensure your master password is not transmitted over a network
- ensure you never reuse passwords
- ensure you have long, strong passwords everywhere
- never forget login details and never worry about remembering yet another password
On the other hand,
- you _need_ access to your password manager in order to log in
- you now have a single point of failure
- cloud-based password managers are very attractive targets for hackers
I don't like these aspects of it.
Still, a password manager is incredibly convenient and I do feel a greater sense of security/confidence when I copy a big old 64 character password to log in. As it is, I use so many different services (gmail, github, slack, aws, steam, dropbox, reddit, etc, etc) and that number is only going to increase. I think a password manager is a practical, scalable solution to both remembering login information and improving my security.
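The two benefits the reply above lists, long random passwords and no reuse, can be made concrete. The following is an added example (not code from either poster or from any particular password manager): it generates a 64-character password with a CSPRNG, computes its entropy, and scans a small vault for passwords shared between services. The vault contents and the 94-symbol alphabet are constructed assumptions for illustration.

```python
import hashlib
import math
import secrets
import string

# Assumed alphabet: letters, digits and punctuation (94 symbols).
# Real managers let you tune this per site; this is just a sample choice.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 64, alphabet: str = ALPHABET) -> str:
    """Draw every character from a CSPRNG (secrets), never random.random()."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size).

    A memorised 12-character password over the same alphabet gives ~79 bits;
    the 64-character one the reply mentions gives ~420 bits.
    """
    return length * math.log2(alphabet_size)


def find_reused_passwords(vault: dict[str, str]) -> dict[str, list[str]]:
    """Return {sha256(password): [services]} for every password used by
    more than one service. Grouping by digest keeps the report free of the
    plaintext secrets themselves."""
    by_digest: dict[str, list[str]] = {}
    for service, password in vault.items():
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest.setdefault(digest, []).append(service)
    return {d: services for d, services in by_digest.items() if len(services) > 1}


# Constructed sample vault: two services share a password, one is unique,
# one uses a freshly generated 64-character secret.
SAMPLE_VAULT = {
    "gmail": "correct horse battery staple",
    "github": "correct horse battery staple",
    "slack": "a-different-memorised-one",
    "steam": generate_password(),
}


def reuse_report(vault: dict[str, str]) -> list[list[str]]:
    """Just the groups of services that share a password, sorted for display."""
    return sorted(sorted(s) for s in find_reused_passwords(vault).values())


if __name__ == "__main__":
    print(f"64-char password entropy: {entropy_bits(64, len(ALPHABET)):.1f} bits")
    print(f"12-char password entropy: {entropy_bits(12, len(ALPHABET)):.1f} bits")
    print("services sharing a password:", reuse_report(SAMPLE_VAULT))
```

The reuse check is the part worth copying into a real audit script: it needs only the vault export, never transmits anything, and its output names services rather than secrets.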