Any site that stores your passwords could be hacked in the same way as Adobe.
I go lo-tech.
My password vault is a manila folder, which sits among a stack of other manila folders on an end-table in my kitchen (not particularly near my computer). Each record consists of a separate sheet of paper, showing the site, its URL to log in (not always the home page, which one can sometimes bypass), log-in name, password, security questions and my (not-always-for-real) answers, and other details I need to know about using the site.
Hackable only if someone physically breaks into my apartment AND knows what he’s looking for and where to look for it.
That doesn’t seem like an good trade-off between security and ease-of-use. In fact it sounds rather inconvenient and not especially secure. I think I’ll stick with KeyPass.
Never seen a hacker be able to use a computer to get into a manila folder.
YMMV
Right - accounts are being hacked right now because people used similar or related passwords on multiple sites. And the bad guys are only getting better at guessing similar passwords.
If you’ve ever re-used passwords in multiple places, or similar passwords, or related passwords, please go change them now. It will come back to bite you (or your friends) one day if you don’t.
I’ve been “at the table” a couple of times; the purpose is to avoid having two people vote under the same ID. We didn’t have any fancy card readers, tho, just old fashioned paper and pens.
But the “manilla folder” end is not the problem end of the system these days. Unless you are particularly famous or wealthy, it’s not worth the effort to hack into your computer to get just your passwords any more than it’s worth the effort to break into your house to steal your manila folder. It’s the other end that’s getting compromised, because getting hundreds of thousands of passwords is worth the hackers’ time and risk of getting caught.
You protect against the other end getting its hashes leaked by having very long and random passwords that are hard infer from hashes, and having unique passwords for each site so one site’s leak can’t be used to compromise your accounts on other sites. That’s what password managers facilitate.
but the reason for having a manila folder in the first place is because you have many long, unique and random passwords.
And a password vault can give you the same thing, only more so, because you aren’t even limited by the the “has to be simple enough that I can read it and type it in given a small number of tries without fat-fingering it”. I argue that the attack vector of “someone hacking into my computer and stealing my password vault” that the manila folder is meant to avoid is uncommon enough that it’s not worth the additional complexity in defending against the more common attack vector.
(Additionally, the most common method for someone going the “steal passwords from your computer” route to use is to install a keylogger on your machine and record your keystrokes as you’re typing your password in. The manila folder doesn’t protect against that at all, while a password manager provides some protection because you’re not ever typing in your passwords via the keyboard.)
Another vote for simple: Mine is a two page Excel doc, with a couple of hundred long non-repeating passwords. I have it well hidden in the excel files, and I keep a recent physical printout for emergencies, also well hidden.
If one is using unique, unguessable passwords then I think the storage medium makes little difference. As leahcim said, unless someone wants to target you directly, nobody is going to go into your house to look for passwords. I let my browser store most of the passwords. The issue then becomes convenience. Folders and Excel files don’t work for me because I need to access my passwords from multiple computers and locations.
Bruce Schneier recommends writing down your passwords on paper. Because people are better at securing pieces of paper than their computers.
Granted, that’s an old article. And for an active user, a good password manager + 2FA is probably better (and no less convenient). But a pencil and paper is still pretty good.
Letting your browser store passwords is not the worst idea in the world, but it’s not very secure, especially on a laptop or shared computer.