Vibecoding a password manager might be the worst idea ever. You'd be better off with an encrypted Excel sheet. But otherwise, 1Password is great imo and there are other free open source password managers.
reply
Actual password managers (e.g. not my old Excel sheet) protect you against URL doppelgänger and related phishing attacks, as well as incidentally discourage password reuse. 1Password can even now warn you if you try to paste into the wrong website (https://support.1password.com/browser-autofill-security/).
reply
>Vibecoding a password manager might be the worst idea ever.

I mean I'm just spitballing here, but not convinced this is true.

From a formal security theory perspective certainly, but practically... nobody with half an ounce of skill is going to spend their time breaking one individual's custom solution that almost certainly just contains their HN password. That's if you can even get to it - self-hosted password managers are usually on LAN/behind VPN.

Risk profile wise the thing could be a god damn plain text .txt on a LAN network drive and still outperform a LastPass.com that by definition has a giant hack-me sign on its back.

The crypto part barely moves the needle here.

reply
People mock Excel's encryption, mostly based on the outdated binary format's "encryption" (which admittedly was a joke). Modern Excel is actually legitimately secure; it uses PBKDF2 (5K rounds) to hash the user's password, then AES-256 for the actual encryption.

So while Bitwarden is more secure than modern Excel out of the box, neither one is a slouch. You'll definitely spend a lot of compute cracking either one. The weakest part, as always, is the user's password.

reply
Yeah, I'm thinking the same thing - wondering if security-by-obscurity may compensate for some lack of quality.
reply
The LLMs also help a script kiddie become a highly skilled crypto adversary though.

Especially if the concerns around Mythos are well founded.

reply
I wouldn't worry.

The mythical Mythos can't even find Claude Code bugs before releases.

reply
True. No chance of me putting a DIY password manager on the open internet though. Would be behind WireGuard etc.
reply
I don't think concerns around Mythos are well founded. Highly doubt it will happen.
reply
The concerns around Mythos are not well founded.
reply