Probably a boring answer but I know my grandmother’s credit card information. I live with and help take care of her, so she doesn’t mind sharing it with me. Not like I’m planning to do anything nefarious, but I guess technically it could ruin her financially.
I have a lot of relatives who look to me for tech support. I used to have them choose their own passwords, or tell them to change it if I set one for them (they never change it). Then, inevitably, I’d have to help them reset those passwords the very next time they need to log in on a new device, or their sessions expire.
I tried to set them up with password managers, and some picked it up (my siblings). Others quickly forgot their master password, meaning I then had to sort out recovering ALL their various accounts.
Once I literally used a known exploit to hack into an old android tablet that my youngest sibling managed to forget the screen-lock for.
Now I just shamelessly save a bunch of other people’s passwords, pin-codes and other access details using my password manager, because they literally do not care. And it’s straight up more secure than the post-it notes some of them would use if I let them. They know I do this, I’ve made it clear that if they want my help but won’t follow my advice when I’m not there, making my life harder, further help comes with giving me unreasonable levels of access to their digital lives.
I’ve never misused it, and I never will. I take steps to be extra secure because I know I’m a single point of failure should my password database ever be breached somehow. But I could ruin dozens of lives.
If you’re using bitwarden or keepass then it should be safe. Anything else is asking for trouble.
Self-hosted and entirely under my control, yes. Any other manager that encrypts the store in a way where even when breached it’s not useful, should also be safe…
But truly knowing is best.
The problem with that is that you can never truly know that they actually do that unless the clients are open source.
I haven’t gotten to that point yet, but I am very close.
I set up my mom and brother with a multivault password manager (1password) where our vault passwords are saved to a shared vault in case we forget our passwords/die - given the level of familial trust I think it’s an acceptable risk especially with how badly we got burnt by trying to get into utility accounts and the like after my father died.
BitWarden does have something similar via “backup access” and “organisation” vaults. I’ve not looked at setting up either, yet.
Writing passwords down isn’t that bad, actually. We humans are very good at securing little pieces of paper; just put the one you wrote your password on with the other valuable pieces of paper, in your wallet.
It’s “sticking the post-it note to the computer screen” that’s the problem.
Just in theory, could you be held accountable if they did something illegal and you have access to that stuff?