Do you Trust password managers?

Password managers are very popular these days. There are some that store your passwords locally (e.g., KeePass), but vast majority store your passwords online. Two, most popular ones are 1password and LastPass.

All online password managers claim they are secure. But do you know that for sure? Additionally you have no idea what code changes developers working on them are making everyday. You have no idea whether that 128-bit identifier generated locally is actually unique, and cannot be sniffed by spyware on your machine.

Is storing all password in 1 place, behind 1 password better than reusing passwords on multiple sites? When website it being hacked, they usually leak encrypted password (most of the time with salt). If somebody get access to all your passwords though, you are in BIG TROUBLE. I don’t feel I need to even explain what can happen. It didn’t happen to the most popular managers yet, but…

I believe password managers are useful, but should not store most sensitive passwords there. Including your e-mail, bank account, etc. Remember these, or store them on external flash drive. You can also use KeePass to encrypt them. Additionally, you should not store, not-generated passwords. If these get compromised attacker gets some idea what your other passwords can be.

What’s your toughts? Are you using password managers?