then why would that password tresor user win, after his credentials were leaked by a database breach -- before other select people that weren't compromised but abstained from said software.
Its generally incomprehensible to me why some people don't want to use password tresors -- its so much easier after all - but his argument was flawed.
Within a margin of error, zero people can remember 20 16-character random alphanumeric passwords. Therefore it is only possible using some sort of password manager, whether it be something like 1password or an old-fashioned notebook.
You need to specify your margin of error. ± the full population of humans on Earth is "a margin of error".
I may be an outlier, but I certainly remember 10+ 20-25 character random full-printable-ASCII passwords, some of which don't let a password manager handle them, others which I don't want to have in a manager. And then there's my password manager master password, which is close to 70 characters long.
And I have shitty memory—I wouldn't be able to remember what happened more than a few days ago if my life depended on it.
Nitpick nitpick nitpick: "margin of error" without any value effectively means "the following value has no meaning at all", as the margin of error is unspecified.
I still think algorithmic passwords are safer. I could get access to all of your passwords via a simple keylogger to scrape your manager's master password. There's no way you can get at mine because the master password is the algorithm in my brain. You could try to get 2-3 of my existing passwords and reverse engineer my algorithm, but in the words of Liam Neeson: "Good luck"
Last person standing gets a prize.