-
54 votes
-
Passwords have problems, but passkeys have more
35 votes -
Crook made millions by breaking into execs’ Office365 inboxes, US law enforcement says
9 votes -
Over fifteen million passwords were temporarily inaccessible in Chrome's password manager
42 votes -
Maximum-severity Cisco vulnerability allows attackers to change admin passwords
26 votes -
Bitwarden transitions from Manifest V2 to V3
25 votes -
Help me ditch Chrome's password manager!
I've been trying to reduce my reliance on all things Google, and one of the big ones is password management. I've tried several times to make the jump, but every time I start researching options I'm overwhelmed by the selection. There are a lot of popular options out there, and I really don't have the time/energy to endure a misstep. So without a clear idea of which manager will check all of my boxes, I end up bailing on the process and keep using Chrome's built-in option.
So to start, here's what I like about Chrome:
- Automatically offers to store passwords without extra clicks
- Autofills automatically where it can, and gives me an easy choice when it can't
- Works everywhere I need passwords. (basically everywhere I browse the internet since chrome works everywhere)
- Minimal overhead. This is hard to beat since Chrome just includes it, so I'm fine with a little extra setup if necessary.
I used to use KeePass portable on a thumb drive (I want to say circa ~2009ish), but it became really inconvenient as my usage shifted more to mobile devices.
I see this as a first step to also reducing my reliance on Chrome so I can start to consider other browsers. Right now I feel locked in to Google's ecosystem, but I know I can break it up if I don't get too bogged down by choice. Much appreciate any help. :)
34 votes -
The decline of username and password on the same page
Web devs: what's up with this trend? For enterprise apps, I get it…single sign-on needs to detect what your email domain is to send you to your identity provider. For consumers, I feel like it's gotta be one of these reasons:
- Users don't know about the tab key being able to move to other fields on a page
- Mobile users don't really have a tab key, despite there being "previous/next field" arrows on the stock iOS keyboard since its inception (Android users, help me out please)
- Users tend to hit Enter after typing in their username, leading to a form submission with a blank password
- Security, maybe? In the past I have sent a link and a password in separate emails or separate communication methods entirely. Are you hashing/salting these separately for better MITM mitigation?
Did your UX team make a decision? Are my password managers forever doomed to need a "keyboard combo" value for every entry from now on?
Non-devs: do you prefer one method over the other? If so, why?
Tildes maintainers: selfishly, thanks for keeping these together :)
71 votes -
ChatGPT is leaking passwords from private conversations of its users, Ars reader says
17 votes -
Experts link LastPass security breach to a string of crypto heists
48 votes -
What password management solution do you use and why?
For a long time now, I have been using KeePassXC for desktops and KeePassDX for Android. I keep everything synchronized neatly with Syncthing, which can be configured to operate over your WiFi or the internet through their gateways. This allows me to share a single KeePass file with another individual, provided I tell them the password.
I have a co-worker who is loving 1Password and while it looks great, something irks me about paying monthly for a password manager. I looked into Bitwarden for a "local cloud" and have seen very mixed results as well as not being sure if I could trust my own security configurations to do so.
I am primarily wondering what everyone else is using in search of something a bit more convenient (I'm not opposed to using the cloud) that has an app like KeePass that I can use for desktop apps, and not just in the browser (though I don't use that function often, truthfully).
Edit: Passkey support was mentioned in this comment and made me realize how important such support will be in the coming years. For those of you with password management solutions supporting it, how has it been?
107 votes -
Password-stealing Linux malware served for 3 years and no one noticed
29 votes -
The wallet event: Crypto startup company tells bankruptcy judge it has lost the password to a 38.9 million dollar physical crypto wallet
17 votes -
New acoustic attack steals data from keystrokes with 95% accuracy
48 votes -
Netflix adds nearly six million subscribers amid password sharing crackdown in Q2
51 votes -
A brief overview of Shibboleths, including their use during WW2
9 votes -
Proton Pass, open-source and encrypted password manager
17 votes -
LastPass users locked out due to MFA resets
64 votes -
Phasing out passwords: Apple to automatically assign each user a Passkey
57 votes -
Security expert defeats Lenovo laptop BIOS password with a screwdriver
13 votes -
Netflix subscriptions jump as US password-sharing crackdown begins
39 votes -
KeePass 2.54 is out
8 votes -
1Password releases Passkeys in public beta channels
12 votes -
Generate a secure password using lyrics from Kenny Loggins. It's funny and useful!
4 votes -
Google's adoption of passkeys (security blog article)
11 votes -
An update on sharing
19 votes -
LastPass recent security incident
7 votes -
Firefox for families: The TechTalk - Making awkward tech conversations with kids slightly less awkward
5 votes -
Bitwarden raises $100 million from PSG Equity
12 votes -
Plex breach exposes usernames, emails, and encrypted passwords
12 votes -
I've locked myself out of my digital life
16 votes -
If you could rebuild user authentication on the web from the ground up, what would you do?
lou's post here resonated with me and my attempts to get my family to use better security practices (i.e. 2FA, password managers). They're very difficult to wrap your brain around to the average user, and they have the ability to create catastrophic failstates if used incorrectly. Furthermore, even when they work well, they can still be kind of clunky (different sites use different methods; writing down/printing recovery codes feels like a dated solution alongside other tech-forward things).
Also, outside of this, password requirements are their own bugbear, with nearly every site having different criteria. Even as someone who uses a password generator and manager on the regular, I still have to adjust the password creation criteria to do things like fit character limits or specific requirements (and don't get me started on forced resets!). I totally get why so many people reuse passwords, or have a default one that they sort of modify as needed to fit a given site's needs.
From my (admittedly super limited) perspective of a lay user: usernames, passwords, 2FA and the whole stack seems like something that's suffering under the technical debt of decades' worth of web development and networking. It seems like things have inched forward and many new layers have been added to address emergent problems, but the whole system gives a sort of barely-held-together-by-tape feel.
What if we could use what we know now and redesign things from the ground up? If we could start fresh, today, what might username authentication look like beyond the usual username/password combos that we're so used to?
I'm interested in any ideas -- not necessarily just feasible ones.
Also, despite me being the one prompting this thread, don't feel the need to simplify technical explanations or anything. I'm mostly interested in lurking and seeing what all you very smart techy people have to say about the topic. :)
12 votes -
Netflix will prompt subscribers to pay for users outside their households in new test to address unauthorized password sharing
8 votes -
Analysis of PINs
12 votes -
LastPass is going to become an independent company
16 votes -
The persistent gravity of cross platform
7 votes -
1Password 8: The story so far
10 votes -
On password managers
11 votes -
The Netflix password-sharing crackdown has begun
18 votes -
I'm thinking of getting a password manager. How does it work and any advice on transitioning to one?
The reason why is to make more accounts for reddit, YouTube (one for entertainment and Portuguese content each) news sites where signing up is an alternative to pass a paywall and other sites with comment sections.
Bad euphemism bro. Also some sense of "praxis" in order to gain privacy. Edit: And also getting anxious at the idea of remembering all my passwords, and putting them in a note in my old phone, which I am not bringing into my new phone and want to use this to delete.
According to these two articles, I can save my old passwords I had before and maybe even still make new ones after, and put them in a folder behind one true (master) password, which is the one you will truly care about, and they will be saved in a way in which the managing company won't know your password?
There's also figuring out which provider to use (and probably a similar post for alt-mail providers.) This is overwhelmingly for mobile (Android). No real space constraints for apps, only price, because I'm not working age.
27 votes -
Dutch researcher claims that he accessed US President Donald Trump's Twitter account by guessing password
21 votes -
Gopass - The team password manager
7 votes -
Jam lets you safely share streaming app passwords
9 votes -
Forgot password
So I’ve forgotten my password. I’m still logged in, thankfully, but if I get logged out I’m screwed. Any advice?
9 votes -
Generated passwords, UX and security absolutism
17 votes -
It’s time to plan for a future beyond passwords
11 votes -
1Password has raised $200 million from Accel
16 votes -
What password manager, if any, would you recommend?
After being skeptical of password managers for a long time, I've decided to take the plunge and get one installed. The burden of remembering dozens of passwords is simply getting a bit too much. So, I was wondering if anyone here has any recommendations of password managers? Maybe one you or a trusted friend use? Or maybe you think password managers are rubbish, and want to share your opinion?
Any suggestions are welcome, in the interest of fostering discussion/having the thread be useful to other people too. But in my specific use case, I want to be able to sync between devices. I'd prefer something open source, but it's not a requirement.
25 votes -
Interview with Google's login chief about passwords vs. single sign-on
8 votes -
Samsung spilled SmartThings app source code and secret keys
5 votes