Recently, my attention was grabbed by a research paper written by three Google researchers with title “No-one can hack my mind: comparing expert and non-expert security practices” (tinyurl.com/ozp4y6j). Its abstract suggests that “average users” and “security experts” are miles apart in their thinking. On one hand, non-experts think in terms of antivirus software and regularly changing strong passwords. On the other hand, experts primarily focus on prompt installation of security patches, two-factor authentication (2FA) and strong, unique password which is controlled by manager software.
The overlap between these perspectives is so little that average users may overlook 2FA, patching and password management completely. Instead of getting it wrong, they could certainly do better by, for example, adopting a password manager. Meanwhile, some of those non-experts preferred remembering their passwords by other methods that were less easy to hack, such as writing them down or simply keeping them in their head. Therefore, the authors encountered skepticism from those non-experts. Given the recent and lamentable security breach at Password Manager, you might be forgiven for thinking that they have a point.
There are online password managers and offline password managers. Online password managers have the significant benefit that your passwords are available on anyone's computer, but they also carry somewhat more risk. Partly, the online database could be breached by hacking, court order, malicious insider, etc. Also, because they integrate with browsers, it has a larger attack surface. Consequently, there could be technical vulnerabilities (which are unlikely with a standalone app like Password Safe).
It is true that offline password managers carry relatively little risk. The saved password is a single point of failure but your computer is a single point of failure too. Getting malware on your computer is the most likely cause of a data breach. Without a password manager, malware can quietly stay and capture all the passwords you use. It will be terribly worse only when the malware has decoded the master password with the help of a password manager. It is just theoretically possible that Trojan could infect the password manager. I feel comfortable trusting widely used password managers, like Cyclonis Password Manager(free) and 1Password (Paid).
Password Manager fits for both personal and small-business use. It protects your computer right after booting. Even if your password for windows account is changed by others or virus, the password still can be decoded by Password Manager. Without any network, Password Manager offline is in position to protect your data. Getting started requires nothing more than a click to download, unzipping the file and installing. Do something for your PC safety now