Android

KeePass synced across all devices with NextCloud. All the advantages of commercial password managers, but free and on your own network.

Just started using bitwarden maybe 3 months after I noticed an uptick in unwarranted 2FA requests, possibly the best decision I've made. Getting used to it took a little while, being used to builtin auto fill features from browsers, etc. But after getting the hang of it, logging in has become a breeze, same with credit cards.

Absolutley. You should absolutely use a password manager.

Personally, I use keepass synced via google drive with a yubikey to authenticate.

But, I'm happy if someone is just using the password manager at all.

KeepassXC

Bitwarden all day, every day. Awesome stuff.

Using a password manager was a game changer for me and I recommend it to everyone. I use both Bitwarden and 1Password. I find Bitwarden to run better on Android and 1Password better on iOS. But both are the best password managers in my opinion.

Not using a password manager (be it digital or simply a paper notebook) is just asking for a breach or getting hacked.

No one can remember the amount and complexity of passwords that are needed to live a secure digital live.

Every service/account you register for years now and couldn't live without it. I've set up a paper notebook for my mother and that works too.

But reusing passwords or using too short or insecure passwords is the number one reason why people get hacked or stuff gets leaked and stolen.

As a side note: a secure password doesn't have to include weird characters. Just make it long. Everything with 32 chars of letters and numbers or longer will be super secure for a while. And because your password manager takes of it, you don't even notice.

I self host a Bitwarden instance.

They are a must in this day and age.

I use bitwarden. I like it a lot, especially because I like to switch between operating systems and web browsers. It works really well for my use case and I do recommend it to friends and family.

Bitwarden is my chosen service, good pricing point and decent features. In terms of using a password manager, it has definitely made my life demonstrably easier and removes a lot of friction from my online life.

Using Bitwarden for some time now, the Android app doesn't always detect the login fields so i prefer 1Password, but Bitwarden is free.

KeePass user here for.....a long-ass time. Won't use anything else. Official KeePass 2.x on my computers, and KeePass2Android on my phone. The database is synced to my Google Drive, and a strong passphrase plus a key file keeps it nice and secure.

I use Bitwarden, and pay for their premium services. I really like it, it helps me keep track of all of my accounts, I'm able to keep all of my individual account passwords secure and unique, and I'm able to autofill my login credentials on all of my devices.

Keepassxc works great with nextcloud sync

Yes and yes. I can't imagine NOT using one.

As other have said: Bitwarden.

Once you taste it, you can't go back.

I begin to use KeePass and without any browser plugin.

I would NEVER allow to store my password on an online service

I don't like to keep any security stuff in "the cloud", written down anywhere, or even on my own devices. It's too easy to lose everything after one security breach.

Instead, I use password algorithms seeded from both the service name/identifier and one or more private passwords. This lets me keep thousands of service/site unique passwords in my head just by memorizing twenty or so words.

Absolutely necessary to have and use. KeePass offline works well for me. Clouds are for rain!

I'm in the Bitwarden camp. There is no other way for me to have complex/secure passwords and remember them for my gazillion accounts.

I pay for 1password. Previously I used KeePass and kept the database in my Dropbox folder. I would definitely recommend the 1password family plan. My wife forgot her password and I was able to unlock her account without her losing everything.

I used KeePass for years. Now I switched to BitWarden since it's open source and audited.

Bitwarden

LastPass -> Enpass -> BitWarden

Tried KeePass (on Windows), 1Password and pass before settling with BitWarden.

I switched from LastPass to Bitwarden. I think they're great, being able to use a strong bespoke password for every service along with one nuclear missile arming grade password plus 2FA for the manager itself.

I don't know if this totally credible or not, but I found news that KeepassXC receives positive audit from independent security consultant. Very rare to happen in pass manager apps..

I got this news from Linux Magazine first as I remembered, so I think this is credible and best alternative solution for us to use KeepassXC than other (never heard other apps has been audits by independent security firms / consultants like this).

I use Bitwarden. Used to use Last pass, but that got crappy a while back.

As with most things security it's about assessing your risk.

If you're a granny with a hand full of passwords then a notebook is probably fine.

I think for most people, who aren't CEOs, high value employees, or some kind of holder of the keys to a kingdom beyond their personal bank account, a solid full e2ee password manager that's cloud synced is a nice middle ground of security vs convenience. It beats a post it under keyboard or a notebook left on the night stand.

For those CEOs, or high value employees then something offline is in order. Or as I've seen others note perhaps a combo of full offline and cloud synced for less important logins.

I recommend Bitwarden as others have here. It seems to be the one that's come through unscathed thus far and the company behind it seems to be making the right moves to stay ahead of risks. https://bitwarden.com/help/is-bitwarden-audited/

Im using KeepassXC and sync it with Nextcloud

KeepassXC on desktop with browser plugin, KeePassDX on android I find it less confusing to use than Keepass2Android.

It is only a bit difficult to setup sync, but you can use syncthing, or drive and it works nicely.

I like the simplicity of password-store. It's just a simple wrapper around a text editor, gpg, and git that allows you to make an encrypted, version controlled password repository that you can sync between devices using GitHub/Gitlab/etc. It also doesn't lock you in to any app since the passwords are just stored in gpg-encrypted files.

Currently I use Bitwarden on both my phone and my pc, but I'm looking into self hosting it with vaultwarden. This gives you access to premium features (such as TOTP support, for which I currently use Aegis Authenticator). It also gives you full control over your data.

Password managers are a requirement for me these days. With how many breaches occur daily that we might not even know about you probably want a password that hasn't been reversed or used before. For me I don't know what I'd do without Bitwarden. I previously used LastPass until they added some restrictions and I figured out that Bitwarden was opensource. I don't currently run my own instance of it but easily could, keeping my passwords off other peoples computers.

If you are not using a password manager you are doing it wrong.

Lots of love for Bitwarden in this thread; I’d also like to pitch in with 1Password. It’s got a great UX and I even got my mom on board.

Used to use Lastpass since ~2013; really glad I switched last year. Lastpass has turned to absolute shit.

I don't use them. I see this as a putting all eggs in one basket strategy, if my master password was lost, hacked, hosting company shutdown, or for whatever reason refuse to do business with me, my entire life would be screwed.

Instead I use long passwords made of words, and for each site it will be a few letters off. They're easy for humans to remember because how similar they are, but due how hash works they are equivalent to unique passwords to hackers.

As others have said, bitwarden. I've also heard good things about roboform.

I really love that bitwarden is not only open source but has been professionally code reviewed, and can be self hosted if you've got the knowledge to do so.

Of course, if you're self hosting it make sure you have a solid backup strategy for your vault.