08-17-2023, 08:21 PM
spinner1001

I use an online password manager and I am pretty careful about such things.

LastPass was famously hacked but the hackers could not get customer passwords because the online customer password files are encrypted and LastPass does not store customer encryption keys. Only customers know their own encryption keys. So even though hackers got into LastPass, the best they got were encrypted customer password files. The hackers, however, likely got some unencrypted files such as billing addresses, email addresses, and phone numbers. LastPass, of course, says it learned from these hack experiences and improved their security. That is likely true.

I use two-factor authentication in addition to an access key for my password manager (not LastPass) that makes my online encrypted files even safer from hackers. It is two layers of protection. Also, the online password manager helps me create complex, randomized passwords that would be impossible to guess and it alerts me if I use the same password for more than one website.

For websites requiring my login information, I use two-factor authentication for all important websites that offer it (most do now). This means they require my password and a separate two-factor authentication tied to my personal device.

All of this means my online password manager has multiple layers of security and my important websites offering two-factor authentication have two layers of security.

Personally, I would not use Google’s or Apple’s password managers for anything important. I want a reputable company mainly in the business of password security rather than only a small part of their business.

I have over 500 stored passwords. For me, the alternative to an online password manager carries more risk.