Reply to post: Re: Honest Question

We've, um, changed our password policy, says CafePress amid reports of 23m pwned accounts

JBowler

Re: Honest Question

Password managers have to work across all devices. Since most of us use more than one device simultaneously that means the data has to be replicated across the devices.

The failure modes are:

1) You forget your password/lose your security key and can't get access to the PW manager anywhere. Solution: they have recovery strategies based on emails (normally).

2) Somehow the PW manager provider gets hacked. Solution: none; all is lost.

(2) is the consequence of strong passwords; necessarily they have to be stored somewhere (if you can remember them they aren't strong), so you are putting all your eggs in one basket. The assumption is that it is a safer basket than CafePress, or, for that matter, Capital One, or, for that matter, GitHub, and that you really do use a strong password for your password manager (plus extra authentication; I use a YubiKey).

John Bowler
