
> But this depends on the alternative. If, instead of using a password manager, someone uses only one (or even two or three) passwords across all the websites they frequent, then you are still, in effect, trusting numerous third parties to keep your password safe in the cloud--if any one of these sites is compromised, then your password for all (or half, or 1/3rd, etc.) is compromised along with it.

Correct me if I'm wrong, I read this as if you're equating hacking a frequented website (and password) with hijacking a % of someone's accounts, if they use the pw there.

Random websites don't know about the other accounts you own, let alone the user ID and password for them (if that same pw cracked is workable on the other service).

LastPass, or any cloud password service, has to store the relation between the service, your username for it, along with the password. That is global ownage.

Find my password on some irrelevant site, you may not even be able to link it back to me. If so, that doesn't mean you know which services I'm signed up to, let alone my user ID or password.



