Because it’s about reducing attack vectors, and your password manager isn’t likely going to be a vector. Attackers are going to try and net as many users as possible, which means (aside from heads of state or C-suite executives being spear phished) they aren’t targeting individuals… They’re targeting the companies that those individuals have accounts with. Essentially, you as an individual aren’t important enough to bother trying to hack individually. As long as your password manager has a sufficiently long password, (and you’re not one of the 1% of individuals who are rich or powerful enough to actually target), hackers won’t even bother trying.
With shared passwords, every single service you use is a potential attack vector; A breach on any of them becomes a breach on all of them, because they’re all using the same credentials. And breaches happen all the time, both because any single individual employee can be a potential weakness in the company’s security, (looking at the accountant who plugged a “lost and found” flash drive into their computer, and got the entire department hit with ransomware), and because the company is more likely to be targeted by attackers. With unique passwords and a manager, a breach on any service is only a breach on that service.
So by using a password manager, you essentially accept that breaches in individual companies are inevitable and out of your control, and work to minimize the damage that each one can do.
Because it’s about reducing attack vectors, and your password manager isn’t likely going to be a vector. Attackers are going to try and net as many users as possible, which means (aside from heads of state or C-suite executives being spear phished) they aren’t targeting individuals… They’re targeting the companies that those individuals have accounts with. Essentially, you as an individual aren’t important enough to bother trying to hack individually. As long as your password manager has a sufficiently long password, (and you’re not one of the 1% of individuals who are rich or powerful enough to actually target), hackers won’t even bother trying.
With shared passwords, every single service you use is a potential attack vector; A breach on any of them becomes a breach on all of them, because they’re all using the same credentials. And breaches happen all the time, both because any single individual employee can be a potential weakness in the company’s security, (looking at the accountant who plugged a “lost and found” flash drive into their computer, and got the entire department hit with ransomware), and because the company is more likely to be targeted by attackers. With unique passwords and a manager, a breach on any service is only a breach on that service.
So by using a password manager, you essentially accept that breaches in individual companies are inevitable and out of your control, and work to minimize the damage that each one can do.