Android

A shame I haven't seen Passwordstore (pass) here. Simple, transparent, and to the point, with great extensibility to boot. It also interacts with git allowing you to version track your own storage, which is a huge plus for me since I use git daily.

On other choices, I think the largest point you should consider for a password manager is the ability to self-host your own instance. Opensourced server code is the next best thing. In security, human trust should never be trusted, and even if the company is not lazy and malignant about your data, bundling up a lot of them create obvious larger targets for potential hackers, and you have higher chance of getting the collateral damage than localized ones.

I finally committed myself to getting BitWarden set up, maybe a year ago. I wish I had done it sooner. I use it to generate all my passwords, and I have it installed on my phone and desktop. I love remembering only one password and knowing all my other passwords are secure. For me it's a no-brainer.

Ive used 1password since almost the beginning. Cant say I have any complaints at all!

There are a lot of people recommending a very specific program in this thread. Be skeptical, everyone. Do your research on the strengths and weaknesses of these types of tools, and the specific offerings of all current leading services.

Anyone not using a password manager is shooting themselves in the foot and often time not realizing till its too late. Along with that sign up for a service that notifies you of data breaches, I think bitwarden has one built in (might only be for subscribing members though) and there is always https://haveibeenpwned.com/

I would not recommend cloud based password manager. We all know what happened to LastPass. But locally encrypted ones are great. I love to use KeePassXC.

I toss my KeePass file (encrypted database) in Google Drive.

That way I have all the convenience of syncing through the cloud, but I also get the benefit of having my database access and database storage be managed by separate companies.

If Google has a breach and my data gets leaked, sucks, but the database is encrypted so I’m good. If KeePass encryption is broken, sucks, but attackers would also have to find a way to gain access to my Google Drive.

I have proton subscription for mail, vpn the works. Just switched to Proton Pass and very happy. Auto creates alias emails on signups so my real email is not out there.

I'm probably going to get grilled for this but I've Been using Firefox's Saved passwords, I really don't need anything better.

It's kinda ridiculous that no one made better system for credentials, soma of requirements policies are ridiculous.

I would never use cloud services if not hosted on my server.

Keepass with custom sync is best option.

I use pass which is a frontend for GnuPG. It's sort of primitive and I had to write user interface for it but it's super flexible. Since every password is saved in encrypted file syncing is easy and we use Git to share company passwords amongst ourselves.

KeePassX(C?) both on Windows and Linux. I used the windows version KeePass2 but there was a recent security vulnerability in it so I switched to KeePassX. Maybe it's already patched... auto-type doesn't seem to work in KeePassX on Windows so I might switch back but it's not that critical.

I use 1password. I heard that Apple uses 1password internally. I figure their IT guys are more expert than me, a random internet dude. So I chose 1password. Works great on desktop, mobile, and even Linux. Family plan is a good deal. You can even share passwords between users for common things like bank accounts, etc, between family members.

Keepass with key file. I synchronise only the database with cloud servers while the key file stays on my devices and never gets synched. I think that's a good tradeoff for security and convenience.

I recommend one. Try to get one without a subscription. I bought the pro version of Enpass before they put up a subscription wall, and I've been riding that one ever since.

Keepass with syncthing is GOAT

Password managers are a great tool for digital hygiene. The main way an average Joe gets his accounts taken over is because it reused the same user and password combination.

I just use the chrome password manager, works great and seamlessly transitions from Android to desktop. I used to use KeePass, but the convenience of the built in tools in chrome just works really well, especially after moving over from iOS.

I personally use pass, which uses gpg for encryption and can also use git repositories (I use it with my personal gitea instance).

I don't use them. I see this as a putting all eggs in one basket strategy, if my master password was lost, hacked, hosting company shutdown, or for whatever reason refuse to do business with me, my entire life would be screwed.

Instead I use long passwords made of words, and for each site it will be a few letters off. They're easy for humans to remember because how similar they are, but due how hash works they are equivalent to unique passwords to hackers.