
I, personally, think that password managers contradict the idea of passwords. A password is something that YOU know. You and nobody else. Ideally not even the system you access.

If you write it down, give it to somebody else, put it in the cloud, etc., the password isn't safe anymore.

If you can't remember your passwords, then use something else.



> I, personally, think that password managers contradict the idea of passwords. A password is something that YOU know. You and nobody else. Ideally not even the system you access.

That's the theory of passwords, but it has been demonstrated that most people simply can't manage their passwords.

I have about 600 passwords stored in my password manager.

Without a password manager, I'd have to reuse passwords (either partially or fully) to manage all of that.

A much better option is to get my password manager to generate a random password for each of those sites.

My Hacker News password, for example, is 60 characters long and contains upper and lower case letters, numbers, and symbols.


Not that it matters much in practice, but a 60-character uniformly random password is overkill. Given that a 128 bit key is considered secure and one may occasionally need to type a password due to technical constraints, 21 randomly selected characters from a 72-character alphabet is enough. Double it if you want to target 256-bit security, but the threat model here doesn’t really support that. Are you expecting a large-scale quantum computer attack on the HN password hash database?
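The arithmetic in the comment above, worked through as an added example (my own code, not any commenter's): the 72-character alphabet is assumed to be letters, digits and ten symbols, and the generator draws from the OS CSPRNG so that the "uniformly random" assumption behind the entropy figure actually holds.

```python
import math
import secrets
import string

# Constructed alphabet: 26 + 26 + 10 alphanumerics plus 10 symbols = 72.
SYMBOLS = "!@#$%^&*()"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def bits_per_char(alphabet_size: int) -> float:
    """Entropy contributed by one character chosen uniformly from the alphabet."""
    return math.log2(alphabet_size)


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password of `length` independent uniform characters."""
    return length * bits_per_char(alphabet_size)


def required_length(target_bits: int, alphabet_size: int) -> int:
    """Smallest length whose entropy reaches target_bits (e.g. 128 or 256)."""
    return math.ceil(target_bits / bits_per_char(alphabet_size))


def generate(length: int, alphabet: str = ALPHABET) -> str:
    """Uniform random password from the OS CSPRNG.

    secrets.choice rejects out-of-range draws instead of reducing them
    modulo len(alphabet), so every character is equally likely; the
    non-cryptographic `random` module must not be used here.
    """
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for target in (128, 256):
        n = required_length(target, len(ALPHABET))
        print(f"{target}-bit target -> {n} chars "
              f"({entropy_bits(n, len(ALPHABET)):.1f} bits): {generate(n)}")
```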


I think that the idea of passwords has shifted over time.

Today we are using more and more accounts, almost every website or service seems to require an account for something. It's impossible to remember strong unique passwords for 300 different websites. Anyone with that many accounts who isn't using a password management system is almost guaranteed to be re-using the same passwords or patterns.

Data breaches have also become more common and accessible to bad actors, to the point that a script kiddie or hacker could look up your email, see many of your old passwords, and use that to help brute-force your current password for some important account.

Password management defends against this by allowing you to use random meaningless passwords for each website without needing to remember each one. There is no more human element in picking your password, and your old passwords become useless for any would-be intruders.


> If you can't remember your passwords, then use something else.

Not practical to remember hundreds of long, randomly generated passwords, so I use something else such as a password manager that only I can access.


Offline password managers.


> Ideally not even the system you access.

But you really can't know if the system handles passwords correctly or just stores them as plain text in a database. And memorizing a unique password for each system you want to access seems like a hard task.


KeePass works great! Nobody knows or has your passwords except you, and you still only have to remember one complex password. Password managers aren't the problem; it's the idea that other companies should have access to all your stuff.



