Why is using a password manager better than a simple passwords.txt file?

With a password manager, your passwords are not stored in plaintext on your computer. In other words, even if a malicious actor gains access to your system they will still not have your passwords.

Password managers also do a good job of helping you create long and complex passwords (vs. smashing on the keys in an Excel document), in the event that the site you are logging into becomes compromised. You can also have different passwords for each site, further reducing your risk. Additionally, you can have a USB key that is required to access those passwords, so when you aren't near your computer you take away the access key. Attackers can brute force all day long; chances are they won't get access to the passwords. This beats a password-protected file all day long.

Side note: when doing penetration tests, after gaining internal network access, one of the first things I do is search all shares on the domain for the string "Password". I get hits every time :( Don't let that be you.
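An added example, not part of either answer: a defender-side audit that walks a directory you own and flags files that look like the plaintext password lists the side note above describes. The regexes, the size limit and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed heuristics (not from the answers): credential label, ':' or '=', then a value.
CRED_LINE = re.compile(r"\b(pass(word|wd)?|pwd|secret)\b\s*[:=]\s*\S+", re.I)
NAME_HINT = re.compile(r"passw(or)?d|creds|credential", re.I)
MAX_BYTES = 1_000_000  # plaintext password lists are small; skip big files


def audit_tree(root):
    """Map relative path -> reasons for files that look like plaintext credential stores."""
    findings = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        reasons = ["filename"] if NAME_HINT.search(path.name) else []
        try:
            if path.stat().st_size <= MAX_BYTES:
                data = path.read_bytes()
                if b"\x00" not in data:  # NUL byte: treat as binary and skip
                    text = data.decode("utf-8", errors="replace")
                    hits = sum(1 for ln in text.splitlines() if CRED_LINE.search(ln))
                    if hits:
                        # Report a count only; never echo the matched secret.
                        reasons.append(f"{hits} credential-like line(s)")
        except OSError:
            pass  # unreadable file: keep any filename hit, skip content
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings


def demo():
    """Audit a constructed tree (all sample contents are made up)."""
    samples = {
        "passwords.txt": b"bank: hunter2\nmail password = example-only\n",
        "docs/notes.md": b"Reset your password on the portal.\nPWD: constructed-value\n",
        "vault.kdbx": b"\x03\xd9\xa2\x9a\x00\x00constructed-binary-blob",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(body)
        return audit_tree(root)


if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(path, "->", ", ".join(reasons))
```

The binary `vault.kdbx` sample stands in for an encrypted password-manager database and is not flagged, while both plaintext files are.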


There are different ways of getting access to a system. Consider the following two scenarios.

Scenario 1: your apps are sandboxed, an app is compromised

Let's assume you use a system like Apple OS X with Mac App Store apps. All your apps are sandboxed. Some apps, like text editors, have a legitimate reason to programmatically access your text documents. If one of those apps is compromised by malware, then the attacker will be able to read your password file.

However, assuming you have a password manager implemented as on Linux, where apps can use inter-process communication to retrieve exclusively the passwords that they stored themselves, then the compromised app will not be able to extract all your passwords. It will only be able to query (and send to the attacker) passwords that relate to the compromised app itself. And the attacker could steal these when you type them inside the app anyway.

Your attacker would need to (1) break out of the sandbox and (2) either break the encryption of the file where the password manager stores your secrets, or get the password manager itself to run an exploit.

In this scenario, the password manager definitely represents an increase in security. Other attack vectors include things such as abusing virtual input interfaces to install keyloggers. Let's leave these aside for now, and just say that when sandboxed, at least you get to mediate and control which apps use such capabilities.

Scenario 2: no sandboxing, any app is compromised

Your text document is obviously vulnerable to every single app you have. More apps can be used as entry points to your system for the purpose of stealing that file.

Your password manager is barely protected at all. Attackers can trivially modify any aspect of your desktop to install keyloggers, cause you to load additional libraries on your whole user session, maybe even replace the password manager's binary. They might be able to inspect the memory of your running password manager, too, depending on the OS and how it is configured.

The attack is still significantly harder to perform than simply stealing a text file, especially if the exploit being used only allows the attacker to target and extract a single file rather than execute arbitrary code. Thus, the password manager reduces risk for more basic attacks, but not for more advanced ones.

Conclusion

Password managers provide some degree of additional security right now, as they encrypt the content of your passwords file and require attackers to compromise the password manager itself.

However, their true benefits will increase once sandboxing becomes more systematic. It will then become much harder to attack the password manager or the user session itself.