
Why My Family Hates Password Managers (And Why They’re Wrong)

Think saving your passwords in Chrome is “good enough”? Think again. In this brutally honest breakdown, I unpack the excuses my own family uses to avoid password managers and why every single one of them is dead wrong. From reused logins to browser babysitters, it's time to face the hard truth: your memory isn’t a good cybersecurity strategy.

Aaron Cervasio

5/2/2025 · 4 min read

Every time I bring up password managers at family events, you’d think I just suggested we all tattoo our Social Security numbers on our foreheads.

“Why would I trust some app with all my passwords?”
“I just use a few I can remember. That’s safer, right?”
“Don’t they get hacked too?”
“Write it down? No, I keep it all in my head. Like a fortress.”

Bless their analog little hearts.

Let’s break this down. Not just because I’m a cybersecurity professional who’s slowly dying inside from watching my relatives get phished, but because you (yes, you, reading this) probably believe some of the same crap. Let’s go through it together, shall we?

1. “I Don’t Trust Apps With My Passwords”

Oh no, you’re right. Far better to trust your sticky note-covered monitor, or that spiral notebook you call “my private journal” that your cat knocked off the counter last week. So secure.

Password managers encrypt your vault locally, meaning no one, not even the company behind the app, can read your data without your master password. It's like keeping all your sticky-note passwords in a vault at your house, with a different password on each sticky note for each site you use.

Here’s the real kicker: if you reuse passwords across sites, a breach in one (like, say, [checks notes] literally any site ever) compromises them all. It’s not a matter of “if.” It’s just a countdown.

2. “What If the Password Manager Gets Hacked?”

Yes, and what if your house gets hit by a meteor while a raccoon steals your wallet? Let’s apply some actual logic.

In the few very rare instances where password managers have had breaches, user data was encrypted and unusable. Contrast that with every single website you’ve reused your password on that didn’t encrypt it properly, leading to your Netflix getting taken over by a teenager in Belarus.

Also, if your excuse is “they might get hacked,” while simultaneously using “LetMeIn123!” for everything including your email or banking account, you’ve misunderstood the assignment.

Most "hacking" succeeds by compromising the weakest part of the chain: you. You get tricked into giving up your credentials. It's not like the movies where a savant in a hoodie types some magic code into a command line interface and bypasses a firewall in 10 minutes.

3. “I Use a Few Passwords I Can Remember”

Right. You and every other walking, phishing-prone carbon unit on Earth.

If your “system” is just rotating the same 3 passwords with different numbers at the end ("Password1!" → "Password2!"), guess what? That’s not a system. That’s a buffet for credential stuffing bots.

You need strong, unique, randomly generated passwords (or better yet, pass phrases). You can’t remember those. That’s literally the point of a password manager. Your brain isn’t a secure enclave; it’s a stress ball full of cat memes, recipes, and trauma.
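The "same password, different number at the end" habit described above is trivial to spot mechanically, which is why it offers no protection. As an added example (not part of the original post), this Python code audits a constructed sample vault for passwords that share a base once trailing digits and symbols are stripped, then gives every flagged site its own random password; `SAMPLE_VAULT`, `base_form`, `audit`, `random_password` and `remediate` are illustrative names, not any password manager's API.

```python
import re
import secrets
import string
from collections import defaultdict

# Constructed sample vault (site -> password); none of these are real credentials.
SAMPLE_VAULT = {
    "email": "Password1!",
    "bank": "Password2!",
    "shopping": "password3",
    "streaming": "LetMeIn123!",
    "forum": "LetMeIn123!",
    "work": "t7#Qm2!vLx9@pRz4",
}

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"


def base_form(password):
    """Lowercase and drop trailing digits/symbols: 'Password1!' and 'Password2!' both become 'password'."""
    lowered = password.lower()
    stripped = re.sub(r"[\W\d_]+$", "", lowered)
    return stripped or lowered  # all-digit/symbol passwords keep their full value


def audit(vault):
    """Group sites whose passwords share a base form; return only groups of two or more."""
    groups = defaultdict(list)
    for site, password in vault.items():
        groups[base_form(password)].append(site)
    return {base: sorted(sites) for base, sites in groups.items() if len(sites) > 1}


def random_password(length=20):
    """Generate a password from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def remediate(vault):
    """Return a copy of the vault with every flagged site given its own random password."""
    flagged = {site for sites in audit(vault).values() for site in sites}
    return {site: random_password() if site in flagged else pw for site, pw in vault.items()}


if __name__ == "__main__":
    for base, sites in audit(SAMPLE_VAULT).items():
        print(f"shared base {base!r}: {', '.join(sites)}")
    print("groups left after remediation:", audit(remediate(SAMPLE_VAULT)))
```

Five of the six sample logins collapse into two base words; only the randomly generated one stands alone.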

4. “I Just Let Chrome/Edge/Whatever Browser Save My Passwords. Isn’t That the Same Thing?”

Absolutely. After all, isn't the latch on a public bathroom stall the same thing as a vault lock on a bank door?

Listen, saving your passwords in Chrome, Edge, or Safari is better than nothing... but it’s sort of like keeping your house keys under the doormat and hanging a sign on your door that says "Remember, Kyle, the spare key is under the doormat." You’re counting on the browser itself not to be compromised, hijacked, or accessed by anyone with physical access to your machine.

Also, browser managers generally:

  • Are much easier to compromise through extensions and add-ons that are often installed without a second thought.

  • Don’t alert you when it's time to change weak or reused passwords.

  • Don’t securely share logins across devices outside their ecosystem.

  • Don’t let you audit or organize your credentials like a real password manager.

  • Won’t stop you from saving your banking login as “password123.”

  • Don't tell you if the credentials you're using are on the dark web (yes, a legit password manager can do that).

Browsers are more like training wheels. Password managers are the armored SUV with biometric locks and a fire extinguisher. Don’t settle for the browser’s version of “meh, good enough” security. It may be more convenient and "work out of the box," but you sacrifice security for that convenience.

5. “I Don’t Want to Rely on One Thing for Everything”

You mean... like how you rely on your brain, which forgets where you parked and calls your niece by the dog’s name?

Yes, there’s a single point of failure: your master password. That’s why you...

  • Make it a strong pass phrase.

  • Enable MFA for logging in.

  • Consider using a passkey instead of a master password.

Hard Truth: You’re Already in the Game, Whether You Like It or Not

If you're online at all (banking, social media, shopping) then you’re a target. You don’t get to opt out of good digital hygiene because you don’t “understand computers.” If you want the convenience of using digital systems, you assume the responsibility of understanding basic cybersecurity for yourself.

Password managers aren’t just for nerds or IT pros. They’re for anyone who doesn’t want to spend their Sunday trying to reclaim their Gmail account from some dude in Indonesia who stole their identity.

Final Thought: Security or Convenience... Pick One

Usually this is right, but when it comes to password managers you can have both. That’s the magic of them. One app. One master password. Infinite “please reset your password” emails avoided.

Or, y’know, keep trusting your browser, your memory, and your gut. Just don’t go to the tech-savvy cousin of the family crying when your “JesusLovesMe77” gets you ransomed for $500 in Apple gift cards.