‘Why would I put ALL my passwords in one place?’ Marilyn, that’s the point. Here’s why.
Hackers stole 30 million password vaults in the worst breach the industry has ever seen. Almost none of them opened. The people who got robbed had one thing in common, and it wasn’t the password manager.
🤯 WOW! Thieves stole backups of roughly 30 million LastPass vaults in 2022 and still had to crack them one at a time, offline, for years. The encryption held. The weak master passwords didn’t.
The Short Version: One long master password, two-factor turned on and one trusted person named for Emergency Access. Fifteen minutes, and you’re done.
📖 Read time: 3 minutes
ChatGPT/Kim Komando
I need your help: Add Komando.com as a preferred source on Google
“Kim, everyone tells me to get a password manager. You recommend NordPass. But that means every password I own sits in one place, behind one password. Isn’t that building a bigger vault for a hacker to crack? Feels like putting all my eggs in one basket and handing the basket to a stranger.” — Marilyn in Tulsa
Marilyn, yes. It’s all in one basket. That’s exactly the point. Stick with me on this.
Here’s the part nobody explains, and it’s the whole reason to trust these things.
🔐 They can’t see your passwords
Real password managers use something called zero-knowledge encryption. Your vault gets scrambled on YOUR device, before it ever touches their servers. The key that unscrambles it is built from your master password, which the company never receives, never stores, never sees.
Translation: They are holding a locked box they cannot open. If a burglar hits their warehouse, he gets your box. Not what’s in it. And we are not guessing here. We have results.
In 2022, hackers breached LastPass and walked off with backups of roughly 30 million customer vaults. The worst breach the industry has ever had. But the encryption held. The thieves could not simply read those vaults.
So who got hurt? The people who used lame, weak master passwords like Password, Letmein or 123456. Those vaults cracked open. Federal investigators have tied a $150 million crypto theft to that breach.
Read that twice, because it’s the entire lesson. The vault didn’t fail. The passwords people chose to lock it did.
🗝️ So do two things
- Length matters. Make your password manager’s master password LONG. Not clever. Long. Length is the only thing that slows a cracker down. Four random words you’d never see together beat “Tulsa1982!” every single time.
- Final step. Set up the feature nobody ever mentions, Emergency Access. This lets you name one trusted person who can request access to your vault if something happens to you. They ask, a waiting period starts, and you can deny them. If you can’t deny them, well, that’s the situation we’re planning for.
I hear this a lot. Someone dies, and nobody can get into the bank, the email, the insurance, the photos of their own grandchildren. Locked out of a life they helped build.
Marilyn, one basket is fine. Just make it a basket with a lock nobody can pick. That’s NordPass.
It’s the password manager I recommend, with the same zero-knowledge encryption we just talked about, plus Emergency Access baked right in. Full disclosure: They are a sponsor of my national radio show, but I used them before that happened.
✅ Right now, you can get NordPass for 52% off, just $1.43 a month. That’s less than the eggs you’re putting in the basket.
FYI, my password is beefstew. The computer keeps telling me it’s not stroganoff.
📩 Send this to someone who keeps their passwords in a spiral notebook and is very proud of it.