Good advice, doomed to be wasted on folks who just want a quick, easy solution that lets them move on to the next item on their To Do list…
I cringe when I hear self-proclaimed experts implore everyone to "use a password manager for all your passwords" and "turn on two-factor authentication for every site that offers it." As most of us who perform user research in security quickly learn, advice that may protect one individual may harm another. Each person uses technology differently, has a unique set of skills, and faces different risks.
…because who wants to spend time thinking about all this stuff:
In this article, I'll start by examining the benefits and risks of using a password manager. It's hard to overstate the importance of protecting the data in your password manager, and having a recovery strategy for that data, so I'll cover that next. I'll then present a low-risk approach to experimenting with using a password manager, which will help you understand the tough choices you'll need to make before using it for your most-important passwords. I'll close with a handy list of the most important decisions you'll need to make when using a password manager.
Visiting the comment thread on the Bruce Schneier post to see just how many different ways a bunch of (presumably) bright people can devise to avoid using a password manager in favour of their own home-brewed solutions.
[Via Schneier on Security]