Opinion - What are your thoughts on password managers? Do you use one? Would you recommend it to others?

Bitwarden all day every day. I don’t even know any of my passwords because they’re all randomly generated. Try to guess my password now hacker man

Bitwarden, all the way.

What are your thoughts on password managers?

They are mandatory in current digital age.

Do you use one?

Yes. Bitwarden.

Would you recommend it to others?

Already do and most are receptive to it once you show them that every single one of them were caught up in a breach at some point.

Bitwarden is really great imo.

A password manager is an absolute must, in my opinion! I use Bitwarden and love it.

I'm in the Bitwarden camp. There is no other way for me to have complex/secure passwords and remember them for my gazillion accounts.

Everyone should be using a password manager. Every service should have a different password (and some service should have several passwords) and it's impossible for the average person to keep track of all of those. Every time I hear about someone losing control of an account it's because they were using the same password as another service.

I recommend:

KeePassDX: Can be completely offline. Probably the most secure but can be a little awkward to use sometimes.
Bitwarden: Cloud based but open source. You could run a server but the main service offers MOST of the features for free.

Your mileage may very with some of the proprietary platforms. However my job uses 1 Password and it seems to be fairly safe.

Password manager-less life with notebooks and reused passwords is life in the stone age. If you or anyone you know isn't using one, get on bitwarden.

Everyone knows why password manageras are absolutely essential, but here's an often neglected perk: I can list every site I ever signed up to. Wanna delete some old accounts? "Did you sign up to X yet?" Simples.

KeePassXC here. Locally encrypted, Locally stored, cloud backup of an encrypted file, synced with SyncThing to mobile devices. I will never trust nor recommend a cloud based manager with all the breaches.

Yes, do it! Now! It’s the safest way, but only by choosing the right and trusted ones. Examples:

The expensive but good one: 1Password
The free, geeky and difficult one for normal users: Keepass.
The simple and free and beloved one: Bitwarden
The don’t try it ever because they will leak your data: Lastpass.

Bitwarden is the best.

Bitwarden fan over here. Been using it for a month and I have just 1 complaint; can't sign into the Android app. Signing in with my mobile browser works though. No idea why the app is being fussy. I'll contact them about it when I stop being lazy.

Bitwarden's best warden.

Yes, Bitwarden is the way to go

Bitwarden is just fantastic, it works so well. After migrating from LastPass years ago to BW I haven't looked back once and have encouraged friends to switch over as well.

My opinion is that they are a godsend, and it baffles me why neither Apple nor Google have a proper client for this...

Thankfully Bitwarden exists.

I can’t imagine life without one. So many bad password habits can be eliminated by using a password manager to generate a strong, unique password for every site you use, and devoting your limited password-remembering powers to one decent master password. (Or better yet, secure your password manager further using other forms of authentication.)

It’s not just for helping you (and your less technically inclined friends and family) remember and use strong, unique passwords, though. Since a password manager only recognizes the real web address that any given password was designated to, it won’t be fooled by a scam website using a similar-looking name to a legitimate one. While this doesn’t eliminate the risk of falling for a scam, every little bit helps, no matter how skilled you are at cybersecurity.

I use Bitwarden, which I’ve been using ever since Lastpass started limiting you to using a single device class (mobile or desktop) for free accounts. It integrates with both Firefox and Chromium-based browsers and with the password manager features in smartphones. Their free account is nice, but I went with the paid option so that I could keep and use 2FA passcodes within Bitwarden itself. There have been several debates between doing it like this versus using a separate authenticator app, but I feel like it’s both very secure and really, really convenient. It encourages me to use increased security on every website that supports it.

Keepass, from here to eternity

I use bitwarden - I like it a lot plus you can self-host if you don't want to trust a third party

In general, password managers are a must-have in today's world. The question is not if you should have one, but which one and why.

As a Software Engineer very conscious about security and privacy, but also with a high practicality sense, I'd say you should opt for whatever you feel more comfortable.

If you don't want to manage anything, then 1password, BitWarden, LastPass or any of those might be right for you. If you are more of the kind to tinker with everything, then you can have your own OwnCloud/NextCloud and use KeePassXC.

I particularly used the later setup, but NextCloud was too much to handle for me, and settled with KeePassXC + Dropbox.

You do you, but use a password manager.

Another vouch for bitwarden, its free and has everything I need. Been using it for at least 5 years.

Bitwarden. Integrates extremely well on Android and on my PC in Firefox.

bitwarden. Using it 4 years extremely happy. Did you know they allow creating a password up to 128 characters

I've used bitwarden for awhile now and even got my wife on it. I love it and it's simple to use.

KeePass. Hands down the most secure one if you set it up right

If you're not using a password manager then you're mostly likely 1 data breach away from not knowing how many other accounts of yours have been compromised.

They're so incredibly easy to use, they're all basically free, and they are essential IMO. I personally use Bitwarden, before that was LastPass until they first got rid of any reason to use the subscription, only to then lock multi-device use behind the subscription (oh and they got bought by LogMeIn, who are a garbage company). Bitwarden is better in every way, so it was a win. Happily paying for Bitwarden, and would recommend it to everyone.

Been using Bitwarden for years now. It's one of the first apps I install on every new device or browser.

At this point NOT using a password manager is absolutely insane from a security perspective. Password managers not only make your life easier, but if you use them correctly, you can setup each service with its own dedicated and complex password. Good luck doing that without one!

One of the best decisions - software wise - I made was to switch from Lastpass to Bitwarden. Never going back!

I absolutely love Bitwarden. They've never been hacked (to my knowledge). Are super transparent. Answer support tickets extremely quickly and it only costs $1 a month to use 2FA. The extension and app are super fast, extremely well made as far as user-experience goes and I have never had a problem with them.

Tried Keepass, KeepassXC, 1password, Nordpass, et cetera. Bitwarden does it all better imo and fits my use-case perfectly.

Keepass, synced between devices with Syncthing

Bitwarden for sure. I use it to store passwords, of course. But also to generate stronger passwords than I can make up myself. I also like the secure notes and emergency contact functions.

I use keepass synced with internxt. Works so so , but internxt will hopefully improve

This thread inspired me to take a look at Bitwarden. It's so much better than what I was using that I switched instantly.

For me, it's Bitwarden.

One more vote for Bitwarden over here. I use the paid version, which is really cheap and because it supports the development. Been using it for almost 5 years and it's the absolute best.

KeePass, and backup it on luks containers.

Absolutely for every single login. Makes life so much easier once you're dedicated to doing it.

I started using Bitwarden a few years ago, and I will never turn back. Passwords available across all my devices (android app, chrome extensions etc). You can also sign up with them (they have free which is pretty limited and a paid version) or you can selfhost.

I run it selfhosted, so I don't pay and don't have any limitations.

They have received a huge influx of users recently from ~~1password~~ Lastpass after that breach.

KeePassXC / KeePassDX with Syncthing!

I have been using BitWarden, and it's pretty good, but I'm shifting over to Keepass now, syncing the database with syncthing. Means I don't have to trust they won't be breached, but it is definitely a bit more of a faff to get set up. For anyone unsure, I would definitely recommend a managed service like BitWarden though. I got my sister on it, who would probably have a single password for everything otherwise, and she got the hang of it super quick.

Started out with lastpass many years ago, until it was bought by logmein. Have been using Bitwarden since.

KeePassXC is awesome, used it for years. Works great with browser plugin, secure. Sync with Syncthing across all computers and devices.

Trust no one. Not because you're paranoid, but because you don't need to.

Trust no one and just use KeePassXC.

Bitwarden is fine with me, but a company needs to earn my trust before I let them have that kind of information. Most companies out there just aren't trustworthy enough to hand that kind of data to.

I do not trust cloud based password managers even if they claim to be E2EE and all other stuffs. I only trust offline password managers like KeePassDX (using it right now) etc.

KeePassXC is the only password manager i trust, and the only place I'd store actually important passwords

Bitwarden has literally changed my life.

I am also using 1Password since ages. Using a password manager is a great investment into your security. There are so many data leaks and reusing passwords is bad practice and will create headaches.

I am looking for alternatives though, since 1Password is getting worse.

KeePass synced across all devices with NextCloud. All the advantages of commercial password managers, but free and on your own network.

Bitwarden by a mile.

Absolutley. You should absolutely use a password manager.

Personally, I use keepass synced via google drive with a yubikey to authenticate.

But, I'm happy if someone is just using the password manager at all.

If you don’t use one, then what the hell are you doing?

Also, Bitwarden. Selfhosted

KeepassXC

Just started using bitwarden maybe 3 months after I noticed an uptick in unwarranted 2FA requests, possibly the best decision I've made. Getting used to it took a little while, being used to builtin auto fill features from browsers, etc. But after getting the hang of it, logging in has become a breeze, same with credit cards.

Bitwarden all day, every day. Awesome stuff.

Permanently Deleted

I just use 123password for all of my passwords, so I don't need one.

Using a password manager was a game changer for me and I recommend it to everyone. I use both Bitwarden and 1Password. I find Bitwarden to run better on Android and 1Password better on iOS. But both are the best password managers in my opinion.

Use KeePass, sync the passwords with your preferred service (I use Dropbox), then use another method to transfer and save a key file to use together with your master password.

Don’t trust bitwarden unless you selfhost.

100% recommend. It was a way easier switch than I expected, and I feel much more secure now.

I use Bitwarden.

it simply is not plausable to remember so many complex passwords and services. i use bitwarden and i just need to remember one password, that's it. can not recommend it enough.

Using Bitwarden for some time now, the Android app doesn't always detect the login fields so i prefer 1Password, but Bitwarden is free.

I'm going to be super original and say Bitwarden. I used LastPass many years ago, but there was a data breach or they dropped the free tier, or something and I followed everyone to Bitwarden.

Not only was it significantly better on Android than LastPass, had a free tier (but even the payed is stupid cheap), but the interface is just so much easier to use.

Bitwarden is my chosen service, good pricing point and decent features. In terms of using a password manager, it has definitely made my life demonstrably easier and removes a lot of friction from my online life.

I use bitwarden. I like it a lot, especially because I like to switch between operating systems and web browsers. It works really well for my use case and I do recommend it to friends and family.

Not using a password manager (be it digital or simply a paper notebook) is just asking for a breach or getting hacked.

No one can remember the amount and complexity of passwords that are needed to live a secure digital live.

Every service/account you register for years now and couldn't live without it. I've set up a paper notebook for my mother and that works too.

But reusing passwords or using too short or insecure passwords is the number one reason why people get hacked or stuff gets leaked and stolen.

As a side note: a secure password doesn't have to include weird characters. Just make it long. Everything with 32 chars of letters and numbers or longer will be super secure for a while. And because your password manager takes of it, you don't even notice.

I self host a Bitwarden instance.

They are a must in this day and age.

Keepass. Keepass2Android - can sync via cloud, I have my password file synced via OneDrive.

Keepassxc works great with nextcloud sync

Absolutely necessary to have and use. KeePass offline works well for me. Clouds are for rain!

I pay for 1password. Previously I used KeePass and kept the database in my Dropbox folder. I would definitely recommend the 1password family plan. My wife forgot her password and I was able to unlock her account without her losing everything.

KeePass user here for.....a long-ass time. Won't use anything else. Official KeePass 2.x on my computers, and KeePass2Android on my phone. The database is synced to my Google Drive, and a strong passphrase plus a key file keeps it nice and secure.

I begin to use KeePass and without any browser plugin.

I would NEVER allow to store my password on an online service

I used KeePass for years. Now I switched to BitWarden since it's open source and audited.

Been using Bitwarden since 2017, I think.

I love it! I did use other password managers, but I ended up retaining Zoho Vault and KeePass. Zoho for work credentials while KeePass for archive and backup purposes.

I personally use keepass and only sync my database between devices with either syncthing or a flash drive

I use Bitwarden, and pay for their premium services. I really like it, it helps me keep track of all of my accounts, I'm able to keep all of my individual account passwords secure and unique, and I'm able to autofill my login credentials on all of my devices.

KeePass with Keepass2Android on my phone with the vault synced via Dropbox. Use biometrics to access both apps. I also use Secure Password Generator on Firefox to get passwords + several options in KeePass (readable passphrase, diceware, etc.)

I’ve been using passwords manager since a few years, but I switched to Bitwarden around Christmas last year after the data breach from LastPass. It’s so much safer than storing them in the browser or on one service that’s not available elsewhere

LastPass -> Enpass -> BitWarden

Tried KeePass (on Windows), 1Password and pass before settling with BitWarden.

Permanently Deleted

I use Bitwarden. Used to use Last pass, but that got crappy a while back.

Password managers are a requirement for me these days. With how many breaches occur daily that we might not even know about you probably want a password that hasn't been reversed or used before. For me I don't know what I'd do without Bitwarden. I previously used LastPass until they added some restrictions and I figured out that Bitwarden was opensource. I don't currently run my own instance of it but easily could, keeping my passwords off other peoples computers.

Im using KeepassXC and sync it with Nextcloud

Currently I use Bitwarden on both my phone and my pc, but I'm looking into self hosting it with vaultwarden. This gives you access to premium features (such as TOTP support, for which I currently use Aegis Authenticator). It also gives you full control over your data.

I don't like to keep any security stuff in "the cloud", written down anywhere, or even on my own devices. It's too easy to lose everything after one security breach.

Instead, I use password algorithms seeded from both the service name/identifier and one or more private passwords. This lets me keep thousands of service/site unique passwords in my head just by memorizing twenty or so words.

I switched from LastPass to Bitwarden. I think they're great, being able to use a strong bespoke password for every service along with one nuclear missile arming grade password plus 2FA for the manager itself.

Yes and yes. I can't imagine NOT using one.

As with most things security it's about assessing your risk.

If you're a granny with a hand full of passwords then a notebook is probably fine.

I think for most people, who aren't CEOs, high value employees, or some kind of holder of the keys to a kingdom beyond their personal bank account, a solid full e2ee password manager that's cloud synced is a nice middle ground of security vs convenience. It beats a post it under keyboard or a notebook left on the night stand.

For those CEOs, or high value employees then something offline is in order. Or as I've seen others note perhaps a combo of full offline and cloud synced for less important logins.

I recommend Bitwarden as others have here. It seems to be the one that's come through unscathed thus far and the company behind it seems to be making the right moves to stay ahead of risks. https://bitwarden.com/help/is-bitwarden-audited/

Bitwarden

As other have said: Bitwarden.

Once you taste it, you can't go back.

KeepassXC on desktop with browser plugin, KeePassDX on android I find it less confusing to use than Keepass2Android.

It is only a bit difficult to setup sync, but you can use syncthing, or drive and it works nicely.

I don't know if this totally credible or not, but I found news that KeepassXC receives positive audit from independent security consultant. Very rare to happen in pass manager apps..

I got this news from Linux Magazine first as I remembered, so I think this is credible and best alternative solution for us to use KeepassXC than other (never heard other apps has been audits by independent security firms / consultants like this).

I think the best quote on PW Managers was "Password Managers are the vegetables of the internet. We all know they're good for us, but a lot of people are still content with the equivalent of password junk food".

Password managers are great, and the time i have to spend unlocking Bitwarden to autofill my password, is about the same time that it would take me to type out a password on my own. AND my passwords are exponentially more secure!

Lots of love for Bitwarden in this thread; I’d also like to pitch in with 1Password. It’s got a great UX and I even got my mom on board.

Used to use Lastpass since ~2013; really glad I switched last year. Lastpass has turned to absolute shit.

As others have said, bitwarden. I've also heard good things about roboform.

I really love that bitwarden is not only open source but has been professionally code reviewed, and can be self hosted if you've got the knowledge to do so.

Of course, if you're self hosting it make sure you have a solid backup strategy for your vault.

KeePass is the perfect tool for me ! The cybersecurity practice at work also use it,

They're much more than passwords managers nowadays, they're secrets managers. You can't store sensitive info like passport info, insurance cards, etc in a way that you know is safe if you make sure to use a unique and strong password as well as 2FA.

I also use Bitwarden. I would recommend it to anyone who can benefit from a cloud-based password manager because the basic functionality is free and the more advanced features (premium, family) are very affordable.

Using Bitwarden safely will make your digital life safer, but it will most likely be more complicated than it is now. You will need to:

Use a randomly generated password for the master password, which is unintuitive but increases your safety
Enable two-factor authentication (2FA) for all of your accounts that offer it.
Make an encrypted backup of your Bitwarden vault.
Create an emergency sheet with your master password, 2FA recovery key, and other important information.
Plan for what will happen to your passwords if you become sick or die.

You can think about increasing your safety/convenience step by step by keeping a book of password (which can be lost, so has to be kept secure and probably make backup) with

Random password/passphrase generator
Yubikey + recovery numbers
Drop the book, use an offline password manager (which some consider safer)
Switch to cloud-based cross-platform password manager, which maximizes convenience

So many answers for Bitwarden but I too will agree. It's my go-to ever since I've found out about it, I don't know any of my passwords apart from my Bitwarden vault master password tbh.

Been using the keepass format with varying applications for about 14 years. I used to host it in SVN repo for that sweet sweet cloud access! Not that smart im retrospec.. I feel like you shouldnt trust your passwords to the cloud, especially if their thing is password management. Last pass for example is under constant battery from attackers.

You should really use a password manager so you always have a secure and different password for each site

I recommend KeePass if you want to save your password locally

Or if you want something cloud based then I recommend Bitwarden You can even host your own instance

I like the simplicity of password-store. It's just a simple wrapper around a text editor, gpg, and git that allows you to make an encrypted, version controlled password repository that you can sync between devices using GitHub/Gitlab/etc. It also doesn't lock you in to any app since the passwords are just stored in gpg-encrypted files.

Keepassxc for storage/backup and then I let the browser save the passwords I use. I like this setup.

I love using 1Password!

Yes, and Bitwarden. Strong master password, with 2FA, and randomly generated passwords for the rest. For deeply personal apps such as banking I do have another localized system though. I moved on from LastPass and never looked back.

Been using KeePass for years since I couldn't keep track of every single random passphrase I have. And yes, I recommend it highly.

Yes. I’m in the free KeePass ecosystem. Self hosted via iCloud and backed up to Proton Drive.

KeePass2Android no net on my Android.

Keepassium on my iPhone.

And KeepassDX on my desktop.

I prefer a password with pronounceable content of nonsense words, separated by dashes, with some numbers and symbols in there somewhere. Such as: tostog-Meenish-flurbit-dalsag-3023# . It's long enough to be very secure, and easy to transcribe if I have to type it. None of the words are in a dictionary. I keep a big list in a note on my desktop, and peel'em off as needed, finally keeping the utilized PWs in Enpass.

switched from LastPass to Bitwarden and I couldn't look left or right

I’d say they’re pretty much necessary so you can have unique, complex passwords.

I’m currently test driving Proton’s new password manager, I’ve been using 1Password for ages.

Started with LastPass, used it for 10 years. Switched to Bitwarden a while ago, would never go back.

Started off with Lastpass free tier, then after they limited the free tier to only one device, switched to Bitwarden.

My goto is KeePass. Does everything I need. I like the use of hotkeys and the ability to have complete control over how the autotype works. Plus if you have a fingerprint scanner (phone or laptop or something) you can use autotype with that too. And the program is completely free.

After using one for like 8 years I really don't know how people have the time/energy to make up and remember all their own passwords

I use KeePassXC and synchronise it with syncthing. This allows me to keep it off devices I have no control over (OneDrive servers) and also allows me to have per device version history.

Use whatever but also use 2fa as well for every important account that you have.

Using different passwords for different services protects you against data leaks opening attack vectors for all your services as well as malicious actors using your passwords like that as well as phishing impact.

A password manager is a must for reasonable security.

I use keepass. Local DB file with Master password. No hosted service or Browser extension is another layer of protection, of risk reduction. I manually copy/sync the DB file via cloud storage as a backup and for mobile use.

I use Browser password storage selectively. The most critical stuff definitely only belongs into my memory and password database.

If you are not using a password manager you are doing it wrong.

What are my thoughts on a password manager?

I think it’s both a good thing, and a crutch. I feel the fact that most services are rendered unusable without an account is sad, and with the 100’s of accounts one is expected to have a password manager is sadly needed if you can’t memorize a password or can make passwords with a consistent pass phrase.

Do I use one?

Nope, I have a password system which is good enough for most accounts that’s always more than 7 character long and unique for each account without being lost to me. The only time it has failed as when my work decided to have us change our passwords every quarter, and I ran out of password ideas.

I honestly don't know how anyone manages without one these days. How would you even keep track of it all? Even if you go the 'same password for everything' route of horrible security, different websites have different requirements for both username and password. Wouldn't be able keep it all straight at all.

I personally use 1password, which is better than Lastpass for sure. Probably not as good as Bitwarden, but I'm too lazy to switch a second time.

2Password since forever. Can’t imagine having to type passwords or remember them.

I've used LastPass in the past but now I use bitwarden, gets the job done

I've been a KeePass user for over a decade and it's always been good to me, especially when using Box and OneDrive to sync it between devices. The ecosystem is great with enough plugins and support to make it fit your use case on any modern OS.

Can't recommend it enough. Especially over other options that are offered by a commercial company (LastPass for example). Not only because you're intently placing your trust in them to not expose your data and keep it secure, but also because you're giving them a lot of leverage to turn around and hold your passwords for ransom at some point in the future (when they IPO for instance, as a popular example) or lock you out after they fold for whatever reason.

I used to use BitWarden but switched to 1Password about a year ago once I decided to buy a business account for my department at work (which gives every user a free family account)

1Password is fantastic. It stores more than passwords, it's fine tuned to do that, but really can be used to store anything securely. The dev team uses it to share secure .env variables and API keys for example.

One of the best features though is the ability to share secured links to VIEW passwords outside of your network. When a coworker asks me to share an account password I don't just copy and paste the username and password over email. I click share in 1Password and shoot them a link that only they can view (using email 2fa). I can also make more open links to shared credentials that expire (or until I expire those links myself).

The phone app works great and once you get it set up on one device it's easy to configure it on others.

I use KeePass (more specifically KeePassXC). I manually copy my password files around like a caveman but I don't mind. At least my kdbx files are not accessible easily.

Permanently Deleted

I've used 1Password for years. Works well on all my devices (MacBook and Samsung Galaxy phone). I'd absolutely recommend you use one.

Not only are they great for handling complex passwords, but a benefit I've not seen mentioned here is that they are a way of just keeping track of just how many sites and accounts you've registered with.

For example - You buy one product once from an online store, save a password so you can monitor the order status but never use that site again. Before I used 1Password I'd just have forgotten I'd even used that site. But now I can just look down my 1password account and see a whole list of all these passwords and accounts ive created. And there's loads. You forget just how many online accounts and passwords you have out there.

I can't imagine not having a password manager. I even got my mom to switch to bitwarden. I'm not sure if I just don't know how to do it, but the only thing I wish I could do with bitwarden is share a password with another bitwarden user.

Well, shit. I don't use a password manager but now I feel like I should lol. Gonna check out bitwarden I guess.

Use KeePass!! It's an opensource, offline if you'd like, password manager that doesn't trust any third party servers to manage your sensitive information. https://keepass.info/

Butwarden. Always Bitwarden. Just like almost everyone else in here it seems like.

1Password family account for my partner and I. Super handy to have a shared vault for household things.

Any security researcher worth there salt says to use one .Not sure what the question is. Bitwarden and 1pass are general good recommendations.

Switched to bitwarden last October and couldn't be happier. Was previously just storing everything in chrome/my Google account. Reused the same password on pretty much every website. When I saw a few articless about chrome causing issues with ad blockers I decided to switch to Firefox which meant having to figure out my passwords. Decided that was a great time to figure out a separate password manager. I still occasionally run into websites I don't use often that still have my old password but for the most part everything is switched over and if 2FA is an option I have it set up. Going through my main sites was a drag but I felt so much better afterwards. I was really shocked at how many websites have really low limits on password length. And how some of the accounts I would really really prefer to have 2FA it's not even an option, looking at you banks.

My work actually just switched payroll companies and when creating my account I noticed the password field was 0/127 so of course I bumped up my password generator to 127 and maxed out the password field 😂

So happy I got 1Password set up and it has treated me right during the years I’ve used it. I wish my parents had such a thing. They have all the passwords written on a sheet of paper that sits under the keyboard. Like the digital version of car keys up in the visor.

I absolutely use one and regret I didn't use one earlier. I remember so often how I had to reset my passwords for different sites. Now every password I super complex because I don't have to remember it.

I use Firefox's built in password manager because its crossplatform and I can use it on all my devices.

https://play.google.com/store/apps/details?id=keepass2android.keepass2android

Been using this for years. Hosted via ssh on my server in a ovh data center. Fingerprint access and every single account with a random password.

Have been using 1password for about 5 years now and have not have a single problem. I really like the integration with browsers and the iOS app. I am keen on testing protons though since I use the VPN and email.

I use Bitwarden with some trepidation. I keep hoping that eventually Proton Pass morphs into something that seems even more secure but right now it's pretty basic.

Permanently Deleted

Yes, 100%... In fact, I often do recommend it to others. Personally I use Bitwarden (paid account even) but I've also recommended 1pass to apple only users because it fits well in that ecosystem.

You can use them to generate a different password for each and every login. And it's really just random letters, number and special characters. That one site gets compromised? They can't then use those credentials to login anywhere else.

You don't have to remember those passwords. Passwords that are easy to remember are probably found in dictionary attacks. You know what's not? Wt2Pwi#$a@Nzeq7*8UwSJ7sTsMKdC!HSGZZ7JnzCtxhfCfFCiXP&FD!yM!c^$DisSR@2 (which I just generated with bitwarden)

2-factor auth is also really easy with most password managers and makes logging in with 2-factor auth easy. I hit one hotkey to fill in the web form with my username/password, hit enter to login and then it auto-copies my TOTP code so I can just paste it and go. Super secure but super easy.

You go to a phishing site? Guess what, a good password manager will store the url and if it doesn't match, that should be your first red flag. If I end up at g00gle.com instead of google.com, it won't show as having a login available.

I use pen and paper... yup.

I used to use Bitwarden and it's a great App but you need to export your saved password list frequently somewhere safe just in case.

I now use Safe In Cloud, the backup can be restored from their servers.

Afaik, the backups encrypted and Safe In Cloud have no access anyway, check out the Playstore reviews for more details.

https://play.google.com/store/apps/details?id=com.safeincloud.free

Perhaps a bit more technically involved for some tastes, but here's my setup –

I've used pass for the past few years, a command line based password manager that stores GPG encrypted passwords as text files in a git repository. I use it for more than passwords, so it's more like a passwords-and-other-sensitive-secrets manager.

There's no defined structure, that is left to the user to figure out, but the basic command to get a password and copy it to the clipboard simply grabs the first line of the file, which is where I insert the actual password. There's other info in there too, usernames, challenge questions, etc.

I push the git repo to gitlab, transported via ssh. On my phone, I use a client for Android called Android Password Store, which pulls from the git repository and has an easy interface for adding, editing, and accessing the passwords.

It costs nothing, stays backed up, and works pretty well for my purposes. Despite that, I was looking around to see if KeePass would be a better solution for me in any way, and found this cool thing, passhole, which provides KeePass with a CLI interface similar to that of pass, which is a big part of my attraction to it.

Loved bitwarden but switched to 1Password recently because their UI is so much nicer. ik, weird reason.

also because it was free with GitHub Student.

Definitely recommend using one. Don't have a preference for any particular one, I use Google's for simplicity sake. But unless you have a complicated system that allows you to have different passwords for every online service (or maybe if you have a great memory) it's simply more secure to use a password manager. Most sites have emails as logins, and if you reuse the same email/password combination you're just asking for trouble for when one day one of those sites get hacked, your password is sold, and someone spams your combo across all popular services and somehow ends up in your bank.

Bitwarden is great and I don't know how I could live without it anymore.

I've used Dashlane for a few years now and I can't say there are any issues with it at all.
I used to just use a list stored in Google Keep, "encrypted" in such a way that only I knew what the passwords were. That got really old.

I'm not going to say whether it's the best or not because I have not compared, but I have used Keepass2Android for years which seemlessly integrates with my cloud storage and key files (stored offline), has useful randomized password generation, and is overall unobtrusive

1Password for years, never had any issues.

I just completed a study of Enterprise password management and move my company from LastPass to BitWarden.

1password was a close second.

I personally moved to Bitwarden from 1Password due to the cost, and I believe for an average user, Bitwarden is definitely the way to go as it is very value-friendly (at $10 USD/year), and it is open-sourced unlike many other proprietary password managers. 1Password may get more features, however it being $3.99 USD/month, many users don't need the extra security features and I strongly believe that common sense is the best security for any user.

My mom would use the same password for everything or she would mix it up a little tiny bit.

Her passwords were like.

Rainbow2002! rainbow2003 RAINBOW!!!

It was a different word from rainbow, but that's just an example.

I got her using two factor with Google with a really good password and she's using the built-in Google password manager. Now all of her passwords are 20+ random strings instead of a single word with different numbers at the end.

I think that's a much better system than what she was using before.

Bitwarden, open-source, free, and awesome!!!!!

KeePass. Putting your passwords on someone else's webserver is just asking for trouble.

Is it bad that I just love built-in Chrome/Google auto-fill manager? Is this not safe? Autosync to Android does it for me + the fact that i can auto-generate and save/fill passwords seamlessly without having to switch between apps

Used last pass for years until they decided no account sync for free users now I use bitwarden which I find is fantastic.

Started with LastPass many years ago - but has changed to 1Password just last week.

Bitwarden and Dashlane were close contenders, but I found that 1Password's sharing feature was better in my usage scenarios.

It’s 1Password for me. Looks good, works good and is available for every platform that I use.

For work I use KeepasXC and Bitwarden+Vaultwarden as well.

Using a sheet of paper right now, am in the process of switching to a self-written password manager. It uses Vigenere encryption using a key that is not saved anywhere (that I have to remember) and saves to a .dat file. Should I use my own tool or a service?

Keepass + Syncthing awesome combination

it is has become so much easier to manage my password after I started to use bitwarden it is just convenient

They are totally necessary - if you don't use the same passwords across the internet I mean.

How many accounts do you have on the web? I can count at least twenty accounts that I have and use from a variety of services. Keeping different usernames, emails (through alias) and passes in mind is no easy task, so a good password manager is absolutely needed.

People are recommending Bitwarden and I can't say it's bad, truly, it's a really secure and private alternative. Although, in my opinion, keeping a offline safe for your accounts is way better because only you have the absolute control over all the credentials. I use KeePassDX on my PC and phone, synced by Synching, and being loving it for some years still.

i am happy since years with 1password

I don't but I should even though my threat level is zero.

But then isn't a single point of failure a problem? I guess we use these to make life easier with strong passwords, but what if the cloud with sync gets leaked, or someone keylogs my pass manager then I lose all passwords not just those incidentally affected by a leak or hack?

Bitwarden's browser extension is great, which is something I can not say about their mobile app which is slow and not very user friendly. It does, however, make my passwords safer since I tend to use random ones.

I use keepass and host the files "myself", means in my clouds, keepass droid is a nice adfree app, I just like to have control over my passwords after I read some articles about password "safes". It's a bit effort to setup, but since then works perfectly.

Using Bitwarden for password manager, Aegis for 2fa, been working great for me so far.

Does a sheet of paper count as a password manager?

Switched from LastPass to 1Password after their ridiculous security breaches and haven't looked back. 1Password also kindly gave me the first year free after sending them my LP invoice.

I use 1Password because I got my wife to use it. The paid plan is worth it just for the fact that she also uses it. If it was just myself, I would probably self-host Bitwarden.

1password family user here. I cringe nowadays when people still try to remember their passwords and accounts and say they have a "good" system. It's a necessity nowadays. Sounds like the consensus favorite around here is Bitwarden. Anyone wanna tell why they prefer it over 1password? Is it because it's self-hostable?

I can't imagine not using a password manager. I am a long-time user of 1Password and have been very happy with the service and apps. I recommend it to everyone. Worth every penny and then some IMO.

I just use the Google password manager so i don't have to put everything in every time i log into an app or a website

I use keepass 2 with a self hosted nas for the main flle .

Started using RoboForm on Windows XP, switched to Mac, used several there, came back to Windows 7, used LastPass and then dumped LastPass after they were acquired by LogMeIn which, as predicted, poorly managed the product to where people are getting locked out of their passwords. So now its 2023 and I'm back on RoboForm.

(If anyone has any reason to not use RoboForm I would appreciate, however I need to use password sharing occasionally, which is a feature) Edit: just realized this is an Android group but RoboForm has a pretty good Android app, FYI.

Using no password manager and a different password for every account would be the most secure option but most people (including me) would be too lazy for that. Instead I used to use the same password everywhere, which is obviously very unsafe. I then switched to Bitwarden, where I can just generate a secure password for each account and I can access them all with one password. I still need to remember only one password but it's a lot more secure than using the same one everywhere.

Absolutely recommend it to others. It's much safer than reusing passwords, which is what inevitably happens if you don't use one. I use Bitwarden, but KeePass is also good if you want to avoid the cloud. Or you can use a paper notebook, but that's less convenient.

Dang you guys made me feel bad for using Microsoft Authenticator lol.

I have no idea how anyone lives without one, there's really no downside to using one if it's set up properly

I don't use them. I see this as a putting all eggs in one basket strategy, if my master password was lost, hacked, hosting company shutdown, or for whatever reason refuse to do business with me, my entire life would be screwed.

Instead I use long passwords made of words, and for each site it will be a few letters off. They're easy for humans to remember because how similar they are, but due how hash works they are equivalent to unique passwords to hackers.

I use pass, its basically pgp with git. Works suprisingly well for such a simple thing

Bitwarden

Yep, would totally recommend using one. I started with KeePassXC but switched to BitWarden later coz of simple convenience (sync and all that jazz).

I couldn't live without one these days. I personally use Bitwarden. I have tried most of the other manager suggested in this thread. They each their own benefits. I would recommend one of the hosted services for most people (1password, Bitwarden, not LastPass). I came to prefer Bitwarden for their combination of features and openness. I have self hosted it in the past, but these days just use their hosted service.

There are a lot of side benefits to using one besides just remembering your usernames and passwords for you too.

It lets you use catch-all emails if you have your own email domain
- allows you to give services their own address to track abuse
- makes you more resistant to someone taking your leaked credentials from one site and using it for another
- easier spam filtering
Most password managers support random password generation
Saving things that aren't logins
- Family member's SSNs and DL numbers
- Credit cards
- Wifi passwords
- Gate codes
Sharing always up to date passwords and other secrets with people (for hosted options)
2FA is easier

I've used password managers for as long as I've used the internet. I find it absolutely essential.

If you're not currently using one, it's likely that as the number of your login credentials increase, bad habits will increase. So it's probably better to use a password manager any way.

If you're using good, separate password, saving logins in the browser might work for you too. In that case I'd suggest you read up on the security your browser provides, ability to sync, migrate etc.

Using a password manager to keep your passwords safe is a good practice. I’m still a bit hesitant to use the cloud based options. Even though all is encrypted. I use KeePass and OneSafe. Currently looking into the new password manager from Proton to investigate whether that is a good and practical one to use.

I kinda don’t trust em tbh.

I couldn't imagine not using a password manager anymore, so I'd certainly recommend it. At work we use 1Password, and I use NordPass privately. Both are great IMO.

I absolutely use a password generator/manager. Using Bitwarden.

I haven't heard anyone mention Google password manager, which is the one I started using recently. I assume very few people trust it because... Google?

Keepass with key file. I synchronise only the database with cloud servers while the key file stays on my devices and never gets synched. I think that's a good tradeoff for security and convenience.

Have been pleased with 1Password going on 5+ years. Bitwarden is also a great consideration. Avoid LastPass.

I toss my KeePass file (encrypted database) in Google Drive.

That way I have all the convenience of syncing through the cloud, but I also get the benefit of having my database access and database storage be managed by separate companies.

If Google has a breach and my data gets leaked, sucks, but the database is encrypted so I’m good. If KeePass encryption is broken, sucks, but attackers would also have to find a way to gain access to my Google Drive.

Having a password manager is incredibly useful when someone dies and you need access to their accounts. I think bitwarden and probably others lets you grant emergency access to someone, definitely leaving it in my will.

I personally use Firefox's built-in password manager and it works great for me. I use Relay to generate email masks and enter in random passwords that are saved and synced across my devices. It's been very helpful!

I have proton subscription for mail, vpn the works. Just switched to Proton Pass and very happy. Auto creates alias emails on signups so my real email is not out there.

It's kinda ridiculous that no one made better system for credentials, soma of requirements policies are ridiculous.

I would never use cloud services if not hosted on my server.

Keepass with custom sync is best option.

Anyone not using a password manager is shooting themselves in the foot and often time not realizing till its too late. Along with that sign up for a service that notifies you of data breaches, I think bitwarden has one built in (might only be for subscribing members though) and there is always https://haveibeenpwned.com/

Password managers are a great tool for digital hygiene. The main way an average Joe gets his accounts taken over is because it reused the same user and password combination.

I personally use pass, which uses gpg for encryption and can also use git repositories (I use it with my personal gitea instance).

I get 1Pass through work, and the ‘personal’ vault detaches if I ever leave my job. Super useful to have, to the point that using devices where I’m not logged in feels so much worse.

Just moved from bitwarden to proton pass, so far so good. Would recommend keepass, bitwarden,1password but definitely not lastpass.

I just use the chrome password manager, works great and seamlessly transitions from Android to desktop. I used to use KeePass, but the convenience of the built in tools in chrome just works really well, especially after moving over from iOS.

Does anyone have recommendation for a password manager that works well on both mobile and desktop? I browse with Firefox and while Lockwise is integrated into Firefox now and works fine on desktop, it's kind of 'eh on mobile in my opinion. It "works" but I find it to be fairly clunky and a lot of the time I need to open the Firefox app and just find the password in there and paste it in.

Does any other application work better for transferring passwords made on desktop to mobile more seamlessly? Looking for better detection of the user/pass via app or website.

I use bit warden and I love it. And yes, I would recommend using a password locker. Just make sure you do some research before selecting one.

Yeah I use Lastpass, it's very useful. I'd like to switch to something FOSS and locally encrypted, but honestly I've tried a couple times and never got it working properly, meanwhile Lastpass always works. I hate their blinding white UI lol.

I would love to use one, but to be honest, I have not found one that I trust, so far.

The perfect "password manager" would require 2FA, has some kind of "online backup" (cloud) that I can host myself and has to be open source. So far nothing really seems to offer all this.

I use KeepassDX, one of the variants of Keepass. I don't know if it's any better or worse than the other variants but it has worked well for me so far.

The advantage is you are hosting your own password database so you aren't reliant on some cloud platform that inevitably gets hacked.

I use 1password. I heard that Apple uses 1password internally. I figure their IT guys are more expert than me, a random internet dude. So I chose 1password. Works great on desktop, mobile, and even Linux. Family plan is a good deal. You can even share passwords between users for common things like bank accounts, etc, between family members.

Loving vaultwarden. Easy to share with family for passwords, great browser extension.

I use pass which is a frontend for GnuPG. It's sort of primitive and I had to write user interface for it but it's super flexible. Since every password is saved in encrypted file syncing is easy and we use Git to share company passwords amongst ourselves.

I would not recommend cloud based password manager. We all know what happened to LastPass. But locally encrypted ones are great. I love to use KeePassXC.

There are a lot of people recommending a very specific program in this thread. Be skeptical, everyone. Do your research on the strengths and weaknesses of these types of tools, and the specific offerings of all current leading services.

I finally committed myself to getting BitWarden set up, maybe a year ago. I wish I had done it sooner. I use it to generate all my passwords, and I have it installed on my phone and desktop. I love remembering only one password and knowing all my other passwords are secure. For me it's a no-brainer.

Ive used 1password since almost the beginning. Cant say I have any complaints at all!

I'm probably going to get grilled for this but I've Been using Firefox's Saved passwords, I really don't need anything better.

I used LastPass until they went for-pay with very little warning. So to protest I subscribed to Bitwarden premium (or whatever their paid tier is called)! Can recommend.

Over the last 15 years or so I've moved from 1Password to LastPass to Bitwarden. I don't know how anyone manages without them.

Keepass with syncthing is GOAT

A shame I haven't seen Passwordstore (pass) here. Simple, transparent, and to the point, with great extensibility to boot. It also interacts with git allowing you to version track your own storage, which is a huge plus for me since I use git daily.

On other choices, I think the largest point you should consider for a password manager is the ability to self-host your own instance. Opensourced server code is the next best thing. In security, human trust should never be trusted, and even if the company is not lazy and malignant about your data, bundling up a lot of them create obvious larger targets for potential hackers, and you have higher chance of getting the collateral damage than localized ones.

KeepassXC on PC and KeePass DX on mobile Synced through nextcloud The passwords are all encrypted with basically the password you provide so even if nextcloud wanted they can't get my passwords. All nice and open source

Absolutely worth it. It's the only way to actually adhere to password best practices.

I use the same password for everything but then add 1-2 extra unique words at the end. Lots of character substitutions (I'll never use O for example, it'll always be something else).

End result is that some website will have a 20+ character password but all I really remember is that the password is 'panda cake', and another will be 'boss cat'. But with all the character substitutions it looks like a hot pile of random garbage

I’ve been using Bitwarden for years and also use the Apple password manager on my phone and iPad so I have a copy in case something happens.

I also keep some less sensitive work passwords on chrome because I don’t want to open Bitwarden at work.

I don't use a PM because I'm too paranoid about losing access to it (hardware failure, file corruption), thus losing access to all accounts it protects. I end up writing down my passwords on paper. Not the full thing, just a personal reminder.

The real irony is that an "easily stolen" piece of paper is safer than anything i leave on my computer or phone

Using Bitwarden here. All is good but sometimes the auto-fill feature doesn't work well.

I've used Keepass or Keepass XC for years. They are great!

Since i started using KeypassX, My memory just got worse

Bitwarden.

KeePassX(C?) both on Windows and Linux. I used the windows version KeePass2 but there was a recent security vulnerability in it so I switched to KeePassX. Maybe it's already patched... auto-type doesn't seem to work in KeePassX on Windows so I might switch back but it's not that critical.

I appreciate Enpass because it allows me to decide where my data is stored while simultaneously synchronizing across all my devices. It's quite impressive. Now, they have incorporated Wi-Fi sync, which eliminates the need for cloud-based synchronization.

I've been using 1password ever since it was first released on iOS and I gotta say it's awesome! Whatever you use, stay far away from Lastpass ... they are a security nightmare.

Permanently Deleted

Another vote for Bitwarden!

Bitwarden all day

Started with Bitwarden years ago, then I used 1password for a few months and now I'm using Keepassxc (Keepass2Android on my phone).

And I recommend everyone to use one. Not necessarily Keepass if they are not very tech savy (database synchronization can be a little bit tricky but not hard). Bitwarden was good too but Keepassxc supports adding ssh keys which is a big plus for me.

KeePassDX with Synching to locally synchronize databases across devices.

Keeper is a fantastic zero knowledge password manager. Once I started using keeper, I never looked back.

Currently a Bitwarden user at both home & at work. Picked up some Teams licenses for my department earlier this year - Password Managers are absolute essentials for next of kin & for successors at work.

Absolutely necessary In the current times. Be it for peace of mind or to free space in the mind. I've been using Bitwarden for over 5 years and I will never look back. The only password I know is the master password of the vault and don't have to worry about the tens of other stored in there.

The yourselves a favour and just go for it. It will be a million times better.

It is an absolute necessity if you use a computer. If you dont have a password manager your accounts are not secure, unless you can memorize randomized passwords. I personally don't like the idea of my most sensitive file (password database), being on someone elses computer. I use KeePassXC to mitigate this, but if you want cloud sync I recommend Bitwarden.

I use gpg to encrypt my passwords with my public key. Benefit is that adding credentials to a new file doesn't require me to type the master password (password for private key). I trust gpg the most for security.

Got a lifetime key for Enpass something like a decade ago and it's been as good as I could ever need. I still rely heavily on autofill via Android & Firefox, but I treat Enpass as the backup to the backup, the one with every last password. I'm meticulous about updating it with every account, every updated password, etc. I also manage all of my wife's passwords as a separate vault.

As the rest of this thread seems to be saying, yeah Bitwarden seems to be the way to go. I've been using it for years and it's way too convenient not to have (not to mention the security benefits).

I've been using Safe In Cloud since 2012. I like it a lot.

I think it's almost necessary. I only have to remember one password now. Bitwarden has apps/extensions on basically any device/browser I've used that integrate well with auto-fill. It was weird not being able to "know" my passwords originally, but it's great not ever having to remember which variant of a password I might have used. Plus, you can easily share some accounts with people easily and it's just seamless (a lot of IoT devices only work with a single account for example).

I use Dashlane and I'm generally happy with it, plus you get a VPN for free.

But so many people use bitwarden it seems. Anyone use both and have a comparison?

I use Chrome password manager. Is there any difference to this vs. Bitwarden or other services? Chrome is super convenient since it suggests passwords in browser while signing up and auto-inputs them to apps/websites cross platform. And also integrates with GBoard to quickly search password to copy into a field.

Not sure if Bitwarden has any additional features other than the benefit of not keeping all my info with Google. Or if it's less convenient and I have to go into the Bitwarden app or something everytime to look up or generate passwords?

Yes. 1Password. If and when they fuck up, I'm going self-hosted.

Password managers are much better than using the same password again and again. I use 1Password.

I recommend one. Try to get one without a subscription. I bought the pro version of Enpass before they put up a subscription wall, and I've been riding that one ever since.

I started with mSecure for a short time, than switched to 1Password.

Lastly, I turned to Bitwarden which is open source too. I used the free version for a while, but then I paid 10$ for the premium version (mainly to support the team).

I tried NordPass, but Bitwarden it is just objectively better and cheaper.

Now all my logins have random password, additionally I have input my DuckDuckGo API Key to generate random alias within Bitwarden.

Password Store + OpenKeychain with syncing using git (forgejo) works very well for me

Self custody is something you need to keep in practice. I use keepassXC everywhere.

I would recommend one but I have always been wery about sending password data through the internet to be stored on some companies server. So I put in the effort to host my own Vaultwarden docker instance through TrueNas scale (True charts) on my home server and access it via a VPN tunnel (Wireguard). It's very complicated to setup compared to a web service but this way I own all of my password data locally. The android app (Bitwarden) works alright but sometimes it has trouble understanding what is a login screen and you have to force fill things. Vaultwarden as a docker instance works great. The only time this setup needs to be on VPN is to save a new password. Using existing passwords seem to be cached on my device.

Keypass is my ninja. I'm never not using a password manager.

So apparently I'm alone in using RememBear...

Been using it and I like it 🤷‍♂️

Went LastPass (avoid) -> 1Password -> Bitwarden. Pretty happy with BW, as it has reasonable integrations on Android. Prior to that, i was using a UNIX tool called "pass", which used GPG and allow some degree of organization. I still use it for some stuff.

They should be a hard requirement to anyone that wants to access the internet by now. Although the ones built-in to the operating system such as Gnome keyring, Kwallet, Windows Credential Manager and Apple Keychain are OK, the third party ones are 100% better.

Personally I use KeepassXC and just have it synced across different devices via Syncthing. While I also keep weekly backup copies (without the Key file) on Mega with it zipped and password protected.

1Password all the way. Holds my passwords and all of my 2FA codes. I understand it’s a single point of failure but I’m comfortable with their architecture and I don’t feel like self hosting stuff.

Yes, it saves on the odd site I use once a year and trying to have to remember that.

I use the paid version of bitwarden and would recommend it to anyone who can afford the subscription and two yubikeys.

It's a must.

I've been using Microsoft authenticator for work, and since it was there I also started using it for my personal accounts and passwords as well. It works well enough, never had any issues.

I use EnPass since it came out. Bought the lifetime license back when it cost about 8€.

I don't use a password manager, I don't trust the people that run them forever and I don't trust the software to be totally secure. I write them down, plus I have a mental system to generate passwords that I can usually rely on.

password manager saves time. why not

Lastpass for like, a decade. I can't understand how anyone can not use one.

I use both bitwarden and chrome.

I just Safe In Cloud. It syncs to a cloud service. There I have the paid mobile version that works with the free desktop version it works nice.

I prefer blackberry password keeper

This is a hard one. So the first hurdle that I came across is with the font used for the padlock's brand. My best guesses so far have been "Elsses", "Elzzes", or "Elcces", but that doesn't really turn up anything useful. This doesn't surprise me much, though, because looking at the font of "Top Security" tells me that this is probably a pretty simple lock from a Chinese manufacturer. Given that it's probably a basic 5-pin pin-tumbler lock loaded up with standard pins, which as you can probably imagine conflicts a bit with the "Top security" statement on the face of the lock, but that's a typical thing these manufacturers do.

I also wouldn't be surprised if the shackle was made from regular non-hardened stainless steel. It's also likely that it used a regular latch on the inside instead of a ball-bearing, thus making it vulnerable to shim attacks. These two points being the most important since thieves will typically gravitate towards the quickest and easiest ways to get past security instead of taking the time to learn how to pick.

In the end, it's an image that I see has been used for a number of posts and articles relating to security online. I wouldn't be surprised if the manufacturer didn't even exist anymore today.

Oh. Sorry, you were asking about password managers. I guess I got a little distracted. I use BitWarden. It's pretty good.

I use 1Password Family to manage mine and my parents and it's great. I wouldn't do without.

I use dashlane and I want to change. Any ideas on something that can offer the same functionality?

ie awesome with input fields for autocomplete, ability to save documents and with a good android app?

I've just started using 1Password is there anyway I can copy my passwords from Firefox and Samsung Pass to it automatically?

I use Firefox Lockwise and Apple passwords. Whether or not it’s safer is a plus but I just like my passwords being autogenerated and saved, makes life easy. Yes I understand that once they have the password to that account they have all my passwords but the same could be said about an email.

I've had enough friends and family members lose access to critical accounts due to things like changing phone numbers, and relying on auto-signin until their cookies get cleared, that I've begun just recommending password managers to everyone.

But alas, most don't listen.

I pay for 1Password for families. Everyone except one person uses it. The person who doesn't use it is always getting locked out of his accounts....

I also use 1Password to store what information I've given a website. That's come in handy when I've needed to change my phone number, email, or credit card.

I dont use password managers.

I just use a set of random words + random numbers, usually something related to the website, the time period (like major global events), maybe just the mood I'm in when I created the password.

Example: For Lemmy, I might use IslandMazeMouse0216 (I do not use the password btw, never used this before and now never will, don't try hacking me lol)

"Island" because the fediverse is like a bunch of islands, that formed together into one fediverse, "Maze" because this shit is confusing, and "Mouse" because the Lemmy logo looks like a mouse, 0216 because of June 12, the day the protest began, 0612, but reversed, but not reversing the 0, so 0 216.

Now I feel dumb for explaining, but also want to hear opinions.

But you see, it doesn't matter. Most websites have login limits so you can't really brute force the password. I just hate "password managers", if I were getting old, I'll probably just put my passwords inside a Standard Notes note, or just put it in a txt and use 7Z AES256 and upload it to a few cloud services.

For offline passwords, like a Windows Veracrypt encryption password, I use 5-8 random words with 5-7 random numbers and increasing the PIM.

For mobile, I use like 16-25 digits numerical pin, alphanumeric passwords are just too hard to type. I've been experimenting with long alphanumeric password + biometric, or a pin, and honestly idk which is better. I don't want someone accessing my phone while I'm sleeping, I might forget to turn off biometrics before I sleep.

I'm not gonna encourage everyone to do what I do, I am not a security expert, just some dude on the internet, but I just want to share how I deal with passwords. Feel free to criticize any flaws. 😅

Password managers are as important as adblockers in this day and age imo

I really like bitwarden personally. Its open source and works pretty well for my needs

Good. Used keepass for years, also useful for storing other confidential info. Put the app & vault in one cloud storage, key file in another and you’re synced across multiple computers, add an app for your phone and you’re good to go and surely reasonable secure providing you use a long password too.

Bitwarden is great, have recommended it many times. It's extremely reliable, I have easily 100+ logins stored there and it loads them all instantly. Its premium features are nice (it's also very cheap), and the export feature allows me to move to another password manager if I feel the need.

Bitwarden for the general stuff. Keepass for the sensitive stuff

Using Google' Pass Manager, it's really good sync across your devices if logged in with your Google account. It's not that good that it's embedded inside Chrome app on Android, it's might be much better if there's a dedicated client.

If you use them consciously, they are an incredible help. I have been using them for more than 15 years without problems, I have been using Bitwarden for about 5 years now and it is by far the best.

What's wrong with dashlane? Been using it for years, really don't want to take the effort to move to bitwarden or whatever the flavor of the month is...

I'm pretty happy with Nordpass. Works great on both windows and android. Could never remember all my passwords without it.

I don't know how someone can remember secure passwords without a password manager.. My password manager 10 years ago was basically a text file. Moving to Bitwarden from LastPass the only thing I miss is easily creating a folder when saving a new credential.

I use Bitwarden!

I like that I can share password with my team. :)

I'm probably an ignorant paranoid about them, I know I should google a bit of them, but instead I'm going for the ol' trusty ask the community.

Do they save your passwords locally or in the cloud? If locally, what if I want to sign in in another device? What if I lose the device I have my passwords on? What if they hack my device? If in the cloud: How can I know the service is not stealing my information? If I can access it anywhere, wouldn't that mean it also needs a password? Wouldn't that make it twice as unsafe as it would only take one password to access the rest?

Edit: Damn, I got extremely useful answers, I'm starting to like lemmy!

Use KeePass for work as well as enforcing that policy for staff. Personally I have been using Bitwarden premium but am working up the courage to convert to a local solution. Probably KeePass as well. My main worry is keeping the password database safe and backed up.

How do I get started to use one? Do I need to change the password for everything for the first time?

Edit: Thanks for such detailed responses everyone. Installed Bitwarden.

I used KeePass for ages, but I could never get my wife to use it, too. Updating and using and synching it wasn't a big hassle, but it was enough of one to let my wife reject it, especially with plugins that needed updating. Another issue we had was that sharing passwords wasn't really convenient. I set up a Vaultwarden instance on our server and now she's happily using the password manager (finally!) and we can have an "oganization" to share passwords with. Really cool stuff. Besides, we ain't needing and plugins anymore.

The ability to interface with DuckDuckGo's Mail-Forwarding-API has further increased the control of my data in a very convenient way!

The only thing I miss from KeePass is the ability to auto-type inside of other applications besides the browser, but hey, that's not too much of an issue.

I'm trying out Bitwarden after moving to a Sony phone (my Samsungs came with their inbuilt password manager) however it keeps asking for a master password all the time. Is that normal?

Bitwarden all the way. Self hosted too.

However, I really wish they would steal the look and feel and custom document types they do over at 1Password. I moved from 1Password to Bitwarden a while ago but really miss the sexy look and feel of 1Password. Bitwarden is very "linux-y"