More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user

L4sBot@lemmy.world (mod) to Technology@lemmy.world – 971 points
LastPass security breach linked to $35 million stolen in crypto heists
theverge.com

Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists.

The Excel spreadsheet can be read by anything. And if someone gets hold of it either through malware or access to the computer, they get all your passwords.

A password manager allows you to store the passwords in an encrypted file. The file being encrypted, if the password is strong, may not be accessed easily or fast enough to be worth the effort.

So then why not use pen and paper and be done with it? It's basic opsec.

It's a solution, but very inconvenient. There is also no backup, in case of destruction.

It is also not encrypted. So anyone stealing it can read it.

A password manager is great for storing sensitive information like passwords in a secure way, at least if the master password is good enough and the password manager isn't a shitty one (LastPass). The online password managers allow syncing, and also often can export a file.

A local password manager can also produce an encrypted backup file which can be stored on a server, while also offering some convenience for logging in and storing many random passwords.

And thanks to online syncing of the password manager, not only can anyone who can access your PC read your password, but in the case of LastPass, anyone with access to the internet can!