I think the risk analysis needed here is:
1. Likelihood you are using the same weak password on every site with the same email as your username.
2. Likelihood that Kyle is a secret agent spy with plans to steal all our secrets with malware someday once we’re all lulled into a sense of security.
I personally think 1 for me is fairly high if I couldn’t use a password manager… though I’d hope the passwords weren’t weak and I’d at least try to salt the password with some deterministic info from the website… but yeah, it’d prolly be weak sauce.
I personally think 2 is a fairly low probability. In general, I think that single devs who live, eat and breathe security software tend to be better at opsec than “Bob that was hired at logmein to man up the mobile app deploy division of LastPass. Fresh out of coding boot camp.”
But hey, that’s just my assessment… I think 1 is 99.9999999% for most normal people, which is why I recommend Bitwarden even if there’s a 0.0000001% chance for 2 in my eyes.