jrm4 2 hours ago

Third-party password management as an isolated paid service (i.e. you don't get password management unless you pay specifically for the password management) is just a terribly bad idea all around.

Waiting for people to get this.

e40 an hour ago | parent [-]

A bad idea for you. My non-technical family members can barely use 1Password and it is the easiest of the lot. The idea you promote is just not realistic.

baal80spam an hour ago | parent [-]

Not really. That something is convenient doesn't mean that it's a good idea. It's always a matter of convenience vs security.

9x39 35 minutes ago | parent | next [-]

The inverse also doesn’t mean convenience is a bad idea; it just happens that 1Password has a strong security model and is convenient.

I end up helping a lot of older people for a variety of reasons with tech - 60s to 90s, family, neighbors, coworkers.

They’re not invalids and have a right to participate in the digital world, even if security requirements have exploded.

Anchoring the trust in stuff like 1Password, where we set up domains, their account info, and their OTP codes, means they get to go to their bookmarked site, FaceID to unlock the PW manager, get automatically logged in, and do what they need.

Being able to let them navigate this world without always having to hand over the paper secrets notebook to random helpers, or lose sheets of paper with passwords, or get caught up in tracking down an SMS code is better for them. Their password manager with the autofill helps somewhat deter phishing links since relying on autofill usually signals something is off, and they call someone they trust.

My point, I guess, was that convenience is basic access for some subset of vulnerable groups of people.

sandeepkd an hour ago | parent | prev | next [-]

It's a catch-22: with password requirements getting crazy, it's hard to remember them. At the same time, storing the passwords with a password manager means you are entrusting them with your identity. For the first-party sites the passwords are hashed; however, for these password manager sites they are at the most encrypted with the encryption keys that the third party already has. This essentially means a rogue password manager or rogue individual in a password manager service can run away with your plaintext passwords at scale.

starkparker an hour ago | parent | prev [-]

This frames the only options as mediocre and better, when the reality is likely the third, most common, and worst option: nothing.