For those that store your information on an online manager

[TravelMug]

It doesn't stop there. It also means he either never research about LastPass or intentionally ignore past LastPass security incident that happen almost every year.

People are lazy, they don't do research and they do not also follow events that happen in the industry, and many times they regret it in the end when it comes back to bite them. It does not cost much to get a hardware wallet, or to buy a stainless steel and engrave your seed words, but many people want to do things the 'convenient' way.

In my case, I just uninstalled LastPass already, I don't know, but it seems that I'm not comfortable with it. If we could invest on thousands of dollar into crypto, then why not invest on a hardware wallet itself?

Or if we want to go to extremes, then stainless steel could be one of the best solutions as well.

[NotATether]

I hate LastPass with a passion.

They failed all of their paying customers that day when they let themselves get hacked so easily from a developer's PC.

They knew something like this could happen but thy preferred to treat us as data points and analytics for repacking and selling our usage data instead.

As soon as the breach happened, I started searching for alternatives and eventually landed on Proton Pass.

The good news is, at the time, I was paranoid about security, and encrypted my keys in a 4096-bit RSA GPG file with a super long dice ware password.

So thats two layers of security that nobody is busting through that any time soon.

[Bobcrypto]

It's worse than saving password to Google drive.

I do not know which one is the worst but I see them all as the same unless it is offline. Only offline savings of information like that I can consider safe and secure.

The one that is worst is not important, the most important and safer means to save passwords is by writing them on book and keep on a safe place in your home. There may be breaches if password are stored on an online managers, or may be compromised in my opinion.
To avoid complications with online password managers, like I have said, it is better and safer with  personally written down on a book to properly manage your password at any time.

[Forsyth Jones]

It's worse than saving password to Google drive.

I do not know which one is the worst but I see them all as the same unless it is offline. Only offline savings of information like that I can consider safe and secure.

The one that is worst is not important, the most important and safer means to save passwords is by writing them on book and keep on a safe place in your home. There may be breaches if password are stored on an online managers, or may be compromised in my opinion.
To avoid complications with online password managers, like I have said, it is better and safer with  personally written down on a book to properly manage your password at any time.

I think that writing down passwords in a notebook/book/diary is an insecure act, imagine the damage if someone has access to these notes.

An offline password manager is much easier and more practical to manage passwords, whereas in a physical notebook, you have to search for your password, page by page. In addition, the database is stored locally and you can make several backups, you cannot lose your master password.

[PX-Z]

I think that writing down passwords in a notebook/book/diary is an insecure act, imagine the damage if someone has access to these notes.

An offline password manager is much easier and more practical to manage passwords, whereas in a physical notebook, you have to search for your password, page by page. In addition, the database is stored locally and you can make several backups, you cannot lose your master password.

As long as it's stored in a secure and discreet location, or maybe at the very least, a place that's well-protected then it should be fine. Ultimately, it also depends on the general safety of your area. If your surroundings are relatively free from theft or break-ins, then the risk is minimal. But if you're in a place where security is a concern, it's better to take extra precautions.

[albon]

There is an extreme case here where people tend to believe too much and too quickly. Experience will tell you that it is not wrong to believe too much but some of these people due to their lack of experience, do not want to understand when they are told about the danger. However, I always recommend turning off browser password managers, especially if those passwords are related to your crypto wallet. Some offline password managers have strong encryption where you can keep your passwords safe.

[Aanuoluwatofunmi]

It is no more new but more losses are always linked to LassPass which was an online password manager. Before the stolen of more information that the hackers are using to steal from people, we warned people but they did not listen. LassPass issue has started since 2021 or 2022 until hackers were able to have full access to people's information and using it to steal from them.

What makes us not to even believe on this same set of people as the hackers, they will create an online manager to store peoples information and then later choose to sell them on third parties and earn from such as the expense of our own detriments, we should know the kind of information that we are going to set or store online, any centralized platform and data managers are not truly secured for the safety of our information, because they are centralized and can be under attacked or be the scammers themselves.

[rby]

I do not know how someone will be able to sleep comfortably overnight and have a private key that have access to millions of dolar worth of coin on an online manager.

It is actually because of reasons like this that I do not save important passwords on the internet. My best practice has always been to either use my brain memory or write out my passwords on paper. This method has saved me from having horrible experiences like this.

What makes us not to even believe on this same set of people as the hackers, they will create an online manager to store peoples information and then later choose to sell them on third parties and earn from such as the expense of our own detriments.

This makes a lot of sense. Why would they permit unauthorized access to vital information on a site that is supposed to be private? They are all involved in this, but unfortunately, the victims cannot hold them responsible. The best anyone can do for himself is to be mindful of what he shares online.

[joniboini]

My best practice has always been to either use my brain memory or write out my passwords on paper. This method has saved me from having horrible experiences like this.

I'd encourage you to stop relying on your memory, though. While long-term memory can be quite reliable, we don't know what the future holds for us. My sister's husband had a stroke a few years ago, and he forgot most of his bank passwords. Fortunately, his memory was back relatively quickly due to fast treatment, but things can go wrong easily. I think most crypto enthusiast also discourages people from relying on his memory to remember their seed phrase, private key, etc.

[SamReomo]

I do not know how someone will be able to sleep comfortably overnight and have a private key that have access to millions of dolar worth of coin on an online manager.

Lastpass like managers are there to make money and that's it the ones who use those managers don't really understand the psychology behind it and that's the reason they lose their money. When someone is not technically smart and he/she trust a third party software or any third party then the result is loss only.

[Forsyth Jones]

As long as it's stored in a secure and discreet location, or maybe at the very least, a place that's well-protected then it should be fine. Ultimately, it also depends on the general safety of your area. If your surroundings are relatively free from theft or break-ins, then the risk is minimal. But if you're in a place where security is a concern, it's better to take extra precautions.

In my view, most people are lazy or careless when it comes to web security. For people who have 130 accounts, the chances of them creating a complex password for each service are lower when writing them down in a notebook.

Besides that, the paper can be lost/burned and it would be quite costly to back it up, whereas an offline password manager, in addition to offering greater protection due to being encrypted, makes it easy to create multiple copies with a simple copy/paste command.

I respect if you think storing passwords in a physical notebook is safer and if you have only a few passwords, it might work better for you.

~~ A practical example of how a password manager is much better for creating complex passwords, as it's based on the randomness of the algorithm (I was going to take a printout, but for keepass security reasons, it won't let me) 

[bayu7adi]

I do not know how someone will be able to sleep comfortably overnight and have a private key that have access to millions of dolar worth of coin on an online manager.

It could be because it hasn't detected any threats yet...we can only consider it a threat when suspicious activities start...even people who store important data connected to large assets offline will only realize the threat when they detect some suspicious actions...so a person's security will only start to be categorized as dangerous when someone hacks their wallet...when that happens once, the related service will be abandoned, and users will start to improvise security...

And for online security managers, I'm not really interested in that... I've never used the services of an online security manager... it's hard for me to trust something to someone I don't even know.

[rby]

My best practice has always been to either use my brain memory or write out my passwords on paper. This method has saved me from having horrible experiences like this.

I'd encourage you to stop relying on your memory, though. While long-term memory can be quite reliable, we don't know what the future holds for us. My sister's husband had a stroke a few years ago, and he forgot most of his bank passwords. Fortunately, his memory was back relatively quickly due to fast treatment, but things can go wrong easily. I think most crypto enthusiast also discourages people from relying on his memory to remember their seed phrase, private key, etc.

You are right, and I am already aware that brain memory is not always reliable. That is why, in addition to relying on memory, I write down important information like my seed phrase and private keys on paper and store them in very safe locations. No one should be advised to rely solely on memory, that is a very big recipe for disaster.

[Forsyth Jones]

You are right, and I am already aware that brain memory is not always reliable. That is why, in addition to relying on memory, I write down important information like my seed phrase and private keys on paper and store them in very safe locations. No one should be advised to rely solely on memory, that is a very big recipe for disaster.

If you're properly storing your seed phrase, you don't need to write down the private key of addresses derived from that same seed phrase. However, it can be useful if you want to import just a single WIF privkey into another wallet, especially since more and more wallets is moving away from revealing WIF private keys.

What I also recommend is saving both the seed phrase and the fingerprint (especially for those managing multiple wallets through passphrases). This might be a good topic to address this issue and discuss security best practices regarding the use of passwords. 
Do you guys store your passphrases in offline password managers too?

[kontroll]

I recommend stopping using browser password managers, although they've evolved over time, they still cannot compare to the security of an offline password manager like keepass, which works even without an internet connection, since the database is saved locally.

I installed a Keepass extension on my browser, so I don't have to copy and paste every password I need. I believe it should be safer since it doesn't put anything on our clipboard just in case a malware is lurking around.

If you go the extra mile and use QubesOS or something with a similar compartmentalizing approach, you do get protection from those kinds of vectors since clipboard sharing is triggered only via dom0 ("root domain"), even escalating to root in a compromised AppVM ("user domain") shouldn't give access to clipboard contents of other AppVMs. It does take some dedication to set up but I believe it does pay off.

Still don't put your secrets on other peoples' clouds, though, yeah.