Hacker News

Don't cherry pick, read the rest of my comment. It wasn't at all about any individual password complexity, it was about password managers that work with browsers in context of the blog post.

Out of curiosity, what does haveibeenpwned.com say about your most used email?



> Don't cherry pick, read the rest of my comment. It wasn't at all about any individual password complexity, it was about password managers that work with browsers in context of the blog post.

That's fair, but the aim of my response was to have a short discussion about the idea behind passwords and the fact that they're sent over the network, maybe someone has any input on that and why that's still such a popular approach.

As for the exact topic of the post, password managers within browsers feel too limiting as opposed to standalone software like KeePass, which can be used for desktop applications, servers (including certificate storage) and anything else, really. But talking about that wasn't my goal.

> Out of curiosity, what does haveibeenpwned.com say about your most used email?

"Good news — no pwnage found!"

Mostly due to using about 10 different e-mails for different purposes and throwaways for questionable sites.


If you're copy-pasting passwords as you mentioned, you've already lost the 'theoretical hole' game. Everything that has any sort of basic privileges on your machine can read the clipboard as soon as you put something there.

> But talking about that wasn't my goal.

Too bad, because password managers in browsers are the end of the line as passwords go. The vast majority of people wouldn't be copy-pasting passwords, not because it's a different kind of less secure, but because it's not convenient.

Passwords are inherently flawed or they wouldn't be what we call passwords. You're trying to solve something that is already solved with 2FA; passwords just need to be there as a bare minimum that shouldn't be considered secure by itself no matter how complex any of them are.


That is a fair point! Yet it's sad that we live in a world where our apps aren't sandboxed properly and where we have to worry about our own devices being compromised.

However, 2FA really is one of the few solutions that could work here, unless the method used can also be compromised.



