What are your thoughts on password managers?

[A-Man]

Well, you dont bring your external hdd to everywhere. Cloud is for daily stuff. A copy of all the sensitive files should be on your pc. And time to time backups for external storage. Also if a fire or earthquake happens, I have more important stuff to worry about than my files, lost my house yo.
And same goes for theft.

This differs from person to person. What if you're someone whose work on their computer is what they make their living from? Losing their files can mean losing their source of money, which is what one will most need to cover their house recovery expenses.

Yes. What else are they going to threaten me for? I delete all the things from my mails after storing useful info to somewhere else. I leave nothing else than trashy and noncritical stuff there. And interesting that you can trust this whole cloud thing.

What can I say besides, that's your case. A lot of people have a bulk of their work going on online and through their emails. You may just be one of these "useless" victims for the time being, but this isn't the case with everyone, is it?

But wouldn't that put you in trouble if you lose your phone or get it stolen instead? What if you miss a time-sensitive payment while a replacement sim card is being issued?

See, no. If I lose or get stolen my phone or sim card, Google is a big company.

Guys already thought about it, there is always a way unless you take control of my body. Or lock me in your basement while impersonating me.

That's not what I meant though. You mentioned one needs to confirm via an SMS before they can pay for anything. You lost your phone, now that means you can't pay just yet, right?
(on a side note, I only receive an SMS notification after paying for something online)

Well It's just to demonstrate there is nothing (i care) a hacker can do by knowing my passwords.
Therefore generic passwords are just a general big barrier of security.

Goes for you. Frankly, I care about my passwords getting leaked =D.

If hacker passes it, there is a so much more harder barrier behind it which cannot be passed without killing the actual human behind it.

It's great to know google has a very good security system, but it's not impossible to get through. You shouldn't advocate negligence in choosing good passwords.

And don't store critical stuff on cloud, only use it as a up-to-date copy of your actual files on your pc.

And backup your pc at home to a external hdd that you don't move around in month to month intervals.
(this is protection for losing your laptop which never happened to me, that is why it has big intervals.)

Well, I guess that would be for another topic.

[mfc]

It's great to know google has a very good security system, but it's not impossible to get through.

But it is, with the sms verification thingy.

Well, this is all from me. Good luck on finding yourself reasons for password securing management stuff

[NightmareX1337]

There something called encryption. You don't have to trust clouds, you just have to trust the application that synchronize them. That's where importance of open source software shines.

[A-Man]

That's where importance of open source software shines.

That's very true. Proprietary software maintainers are ready to leak information with pressure. This can't happen with open source software where you yourself can ensure something is running just the way it should.

However, putting in mind that leaks happen rarely, and often only with a striking motive, you might think that your files being leaked to some organizations doesn't matter as much as the safety and persistence of your files.

[Silverthorn]

Wow, you guys surely have quite a bit to rant about. Guess I'm going to hop onto the train as well.

First things first, I have way too many accounts to have individual (strong) passwords for each of them and remember them as well (banking and work-related stuff mostly). I could do it like my grandma and write them down on a sheet of paper (which is technically more secure than many other methods around) but I'm preferring the digital version and use KeePass; one master password to remember, access to an infinite list of accounts. So why am I doing that?

- I'm definitely not going to use Firefox's inbuilt password-manager. After all, the passwords are saved in plain text, visible to anybody gaining control of the computer (physical is not even required)
- Synchronizing passwords between my home and my work computer is a massive hassle. That being said, I sometimes have to have important documents at hand as well, irregardless of my current location.
- Saving passwords in a cloud-based storage system without any additional means is risky. Even though companies say that they are not able to see what is being saved onto their servers, how can they adequately respond to reports (DMCA requests, IP infringement, etc)? An option would be to create a password-protected archive in which you store your actual passwords. Oh, wait, that sounds familiar...

So basically, I have my passwords and important documents saved in a KeePass-file placed in my Dropbox-folder. Synchronizing to any computer I wish without immediately revealing everything. In that case, if any of my computers blow up, I'll still have access to everything. This way, the very important stuff to me is somewhat safe, even if anybody had physical access to my stuff.

[mfc]

@Blue Phoenix:
Today I tried doing the same, set up a portable KeepAss in a MEGA folder and saved db there too.
Then put some passwords there. Also set up the Android program KeepAssDroid which also synced with mega database, Could access passwords there too.

But the sheer effort of being have to type the master password of keepAss (which I also written it to a paper just in case), really felt so annoying. So slowing down. I am better off chrome remembering my passwords on both android and pc. Thing is so fast. I know it stores all in text format but I have never been attacked and cannot see any threats so far.

I guess I will go for my own way for a while now. Simply cannot deal with such security. If I ever come to that paranoid-y level, I will probably switch to linux and delet my gogle and msoft accounts lol.

[A-Man]

But the sheer effort of being have to type the master password of keepAss (which I also written it to a paper just in case), really felt so annoying. So slowing down.

Do you allow cookies? Most stay for a long while before they log you out and you have to sign in again. If you think that's too much for writing passwords, Linux will give you a really hard time with sudo asking you to re-type your password every time you open a terminal to do some administrative task (from copying files to changing a system setting). Security can't come hassle-free :P