Alternatives are orders of magnitude worse. I know people who derive passwords themselves, reuse passwords, etc, etc. All a really bad idea. As a programmer, I understand encryption. I trust it when it's done correctly. That's why I like 1Password. I don't use a centralized server and the only thing shared is an encrypted file on Dropbox. The Chrome plugin has to decrypt things every time it's activated. The smartphone apps also use strong encryption. Using a password manager is a security best practice.
What if someone gets control of your password manager though?
I see that as the same level of risk you take for your computer security in general. If, for example, they can access your computer directly, they could install a key logger and capture all your passwords as you use them anyway. Good password managers are always encrypted until you're in the act of using them. Also, using disk encryption is key as well, so even if they stole your laptop, the disk itself is encrypted (on top of the password manager data file being encrypted). The software itself has internal checks to ensure it hasn't been tampered with. For example, every time the software updates, you'll have to restart your browser because the plugin no longer matches exactly with what is expected.
But hey, do what you want. I'm not a salesman for them or anything. I just care about a secure Internet. Some systems like LastPass have centralized servers which do increase the risk. That's why I prefer 1Password. Your concerns aren't unwarranted, but the alternatives (password reuse, storing your own "password file" somewhere, trying to create passwords you can remember, etc) are all much worse from a security perspective.
If interested, google "why should i use a password manager" and read on.
Loving your input, followed Luke.
I knew this thread would be a beauty like I said, for finding nuggets in the comments (: