The point is to not type anything (except for your master password into the pw manager from time to time).
Strong passwords don’t get typed nor remembered (and are not shared across services) - the pw manager generates them for you. (But I’m sure you know that already)
IMO for most people the Chrome password manager is pretty fine. (And much better than no password manager)
For most people maybe, but not for tech savvy Phil
I know you’re here to vent a little (IMO no harm in that).
Can you upgrade to one of the IBKR 2FA flavours?
You use a password manager, so I assume you generate random passwords for every account.
The problem with the Chrome built-in Password Manager is that it cannot generate passwords. And people are rather bad at generating a random and unique password.
What I mean is: I access IBKR via Chrome, so Chrome already has my password. By using a 3rd party pw manager, now Chrome AND the 3rd party password manager have my password - so it increases the risk.
Plus all 3rd party password managers have a pretty poor security history.
Yes. I’m already using 2FA with IBKR.
I wanted to warn so that others don’t make the same mistake as me.
That’s not what you wrote in the title.
It definitely does generate strong passwords.
There’s also some audit with:
- compromised passwords (based on public leaks)
- reused passwords (it groups passwords that are the same across different sites)
- weak password (my random passwords from a few years ago from pwgen with 6-8 characters are considered weak)
(Also Google security teams are world class, even if you don’t like Google because of other reasons, the password manager is really good)
I think the title serves to attract attention to security risks for IBKR users.
Talking about click bait
NordPass has a nice overview of browser-based vs standalone password managers (Link).
Basically they highlight that they are an edge safer & have more features (like PW leak scanner etc, but apparently Google does the same?). Personally I value the added security, but I agree for most it’s totally fine to use browser-based/free PW manager.
In 99.9% of cases problems do not arise because someone cracked an encryption anyway, but due to some human errors.
Considering lots of people use the same password on every site and have it written down on a post-it note sticking to their monitor, even a shitty password manager is a massive step up.
One might argue that in an increasingly digital world the post-it hidden in your home might be the most secure place to keep your password.
Most hacks these days happen online and not by breaking into our homes.
With post-its I’m just worried about what happens if my house burns down or ends up under a glacier.
So you have stored your credentials in the browser.
I personally use password apps for password management like 1Password. Worth the 3 CHF per month.
In that case - I would be happy to be alive as escaping fire & glacier is not something many can claim
You keep a double encrypted in another “safe-ish” place. The encryption key is yet in another place. ^^
So you pay to expose yourself to additional vulnerabilities: