If they use a password manager and randomly generated passwords, then it's acceptable.
One of the reasons why I don't want to use a password manager, actually. If you get locked out of that, you're fucked.
Good ones have an unlock token or another one time use way of unlocking it in case you forget your master password.
Ease of syncing across devices has me using an internet-based password manager (Bitwarden), but I keep a second local-only password manager (Keepass) that only stores my Bitwarden password. Just in case.
Keepass
For those who want to keep their ass.
Hey that’s real smart but what if you forget the Keepass password when trying to retrieve the Bitwarden password you forgot lol?
I use Bitwarden myself and love them. Great software great organization it seems. They didn’t even send any bullshit marketing “noooo come back YOULL LOSE EVERYTHING” emails companies love to send when you downgrade from paid to free tier and that right away bumps them up in my mind.
My wife and I also keep our Keepass passwords in each other's Bitwarden vaults.
So to lose access we'd both have to simultaneously forget our Bitwarden passwords AND be locked out of any biometric login. I consider that sufficiently unlikely.
Backups + OSS.
I use Bitwarden and JSON backups inside a 7zip. I ALWAYS backup after I make a new password that can’t be changed via email.
If they use a password manager and randomly generated passwords, then it's acceptable.
One of the reasons why I don't want to use a password manager, actually. If you get locked out of that, you're fucked.
Good ones have an unlock token or another one time use way of unlocking it in case you forget your master password.
Ease of syncing across devices has me using an internet-based password manager (Bitwarden), but I keep a second local-only password manager (Keepass) that only stores my Bitwarden password. Just in case.
For those who want to keep their ass.
Hey that’s real smart but what if you forget the Keepass password when trying to retrieve the Bitwarden password you forgot lol?
I use Bitwarden myself and love them. Great software great organization it seems. They didn’t even send any bullshit marketing “noooo come back YOULL LOSE EVERYTHING” emails companies love to send when you downgrade from paid to free tier and that right away bumps them up in my mind.
My wife and I also keep our Keepass passwords in each other's Bitwarden vaults.
So to lose access we'd both have to simultaneously forget our Bitwarden passwords AND be locked out of any biometric login. I consider that sufficiently unlikely.
Backups + OSS.
I use Bitwarden and JSON backups inside a 7zip. I ALWAYS backup after I make a new password that can’t be changed via email.