  • Showing only topics in ~tech with the tag "security".
    1. What password management solution do you use and why?

      For a long time now, I have been using KeePassXC for desktops and KeePassDX for Android. I keep everything synchronized neatly with Syncthing, which can be configured to operate over your WiFi or the internet through their gateways. This allows me to share a single KeePass file with another individual, provided I tell them the password.

      I have a co-worker who is loving 1Password and while it looks great, something irks me about paying monthly for a password manager. I looked into Bitwarden for a "local cloud" and have seen very mixed results as well as not being sure if I could trust my own security configurations to do so.

      I am primarily wondering what everyone else is using in search of something a bit more convenient (I'm not opposed to using the cloud) that has an app like KeePass that I can use for desktop apps, and not just in the browser (though I don't use that function often, truthfully).

      Edit: Passkey support was mentioned in this comment and made me realize how important such support will be in the coming years. For those of you with password management solutions supporting it, how has it been?

      107 votes
    2. What is your preferred password manager?

      I use LastPass at work but don't have experience with any others. Last time I looked into it LastPass and KeePass were the only two viable options if I recall (though my memory isn't the most reliable thing). A few quick searches seem to indicate that the market has opened up a bit since then. I'd like to use something open source with Linux, Windows, and Android clients. So, what's your preferred password manager and why?

      45 votes
    3. Password manager suggestions?

      I'm going to college soon, and I'm in the process of straightening out my accounts and login information. What password managers would any of you recommend? I'm looking for something that can be accessed on both desktop (PC) and mobile (Android).

      Edit: I have set up KeePass and it looks like a great solution! Thanks for the help.

      33 votes
    4. Help me ditch Chrome's password manager!

      I've been trying to reduce my reliance on all things Google, and one of the big ones is password management. I've tried several times to make the jump, but every time I start researching options I'm overwhelmed by the selection. There are a lot of popular options out there, and I really don't have the time/energy to endure a misstep. So without a clear idea of which manager will check all of my boxes, I end up bailing on the process and keep using Chrome's built-in option.

      So to start, here's what I like about Chrome:

      • Automatically offers to store passwords without extra clicks
      • Autofills automatically where it can, and gives me an easy choice when it can't
      • Works everywhere I need passwords. (basically everywhere I browse the internet since Chrome works everywhere)
      • Minimal overhead. This is hard to beat since Chrome just includes it, so I'm fine with a little extra setup if necessary.

      I used to use KeePass portable on a thumb drive (I want to say circa ~2009ish), but it became really inconvenient as my usage shifted more to mobile devices.

      I see this as a first step to also reducing my reliance on Chrome so I can start to consider other browsers. Right now I feel locked in to Google's ecosystem, but I know I can break it up if I don't get too bogged down by choice. Much appreciate any help. :)

      34 votes
    5. What are the essential dos and don'ts of digital security for the average person?

      Thanks to all of you who gave me guidance in the thread about password managers. It got me thinking I should expand the question to overall best practices regarding security, just in case I have any other important blind spots.

      What are the essential do's and don'ts of digital security for the average person?

      35 votes
    6. Is there an app for this? Help me fix my terrible security

      I thought I've been looking for a good password manager, but I'm not sure that's what I really need.

      Here's my use case:

      • I currently have a Google Sheet in my Google Drive that contains all my ID/passwords for everything
      • In addition I have personal info in there like SSNs and Credit Cards #s
      • I want to be able to have instant access to all of the info from my ancient iPhone and my laptop

      Things I've tried:

      • I messed around with LastPass a bit and found it couldn't actually fill in the passwords in the apps I was using so I'd have to manually type them, which is a deal breaker for me.
      • I've been using Firefox's Lockbox and it's a bit better on that front but doesn't actually remember what the password goes to the app so I have to look it up each time, but it does populate them in the appropriate fields.
      • Password-protecting a Google Sheet is apparently impossible but was a solution I was after for some time (Excel and Libre can do this..so +1 for software)

      Other info:

      • I am currently using an iPhone 5 but I plan to "upgrade" to a Samsung Galaxy S7 sometime in the near future. Perhaps that's why the functionality of these password managers seem so inconvenient for me? Would they work better on a modern phone?

      What I'm after is perhaps two solutions:

      • A password manager that crosses the bridge from desktop Firefox to the apps on my phone, and fills in the password for me automatically. That would allow me to feel like I could move to more random passwords for things.

      • Some encrypted, password-protected site/app that could store plain text notes for sensitive things like SSNs and Credit Card #s that would stay in sync between a laptop and a smartphone.

      Go ahead and mock me for my terrible security and ancient phone. I deserve it! But when you're done, I'd appreciate some guidance.

      EDIT: Sounds like first priority should be to update my phone. Then there appear to be plenty of options to try. Thanks everyone so much!

      18 votes
    7. Is a password manager essential?

      I feel like it's impossible to remember passwords that are long, random, and unique for every service. I have too many accounts.

      On the other hand, I don't like the idea of giving up control of my passwords to a password manager and using the ones it generates and stores. It feels weird that I wouldn't "know" my passwords.

      Is this a hangup I should just get past? What do I do if I need to login somewhere but cannot access my password manager?

      30 votes
    8. I'm thinking of getting a password manager. How does it work and any advice on transitioning to one?

      The reason why is to make more accounts for reddit, YouTube (one for entertainment and Portuguese content each) news sites where signing up is an alternative to pass a paywall and other sites with comment sections. Bad euphemism bro. Also some sense of "praxis" in order to gain privacy.

      Edit: And also getting anxious at the idea of remembering all my passwords, and putting them in a note in my old phone, which I am not bringing into my new phone and want to use this to delete.

      According to these two articles, I can save my old passwords I had before and maybe even still make new ones after, and put them in a folder behind one true (master) password, which is the one you will truly care about, and they will be saved in a way in which the managing company won't know your password?

      There's also figuring out which provider to use (and probably a similar post for alt-mail providers.) This is overwhelmingly for mobile (Android). No real space constraints for apps, only price, because I'm not working age.

      27 votes
    9. For those who have tried YubiKey for personal use, is it worth it?

      I saw people talking about YubiKey here a few weeks ago so I got curious. Unfortunately, I’m not seeing a lot of helpful reviews for it.

      I’m personally getting tired of having to take my phone anytime I need 2FA for Okta but I don’t have a lot of super important accounts to secure so I’m going back and forth in deciding whether the 100+ euro investment (to get two so that there’s a duplicate) would be worth it.

      How do you use your YubiKey in your personal life and do you think it’s worth your use case?

      35 votes
    10. If you could rebuild user authentication on the web from the ground up, what would you do?

      lou's post here resonated with me and my attempts to get my family to use better security practices (i.e. 2FA, password managers). They're very difficult to wrap your brain around to the average user, and they have the ability to create catastrophic failstates if used incorrectly. Furthermore, even when they work well, they can still be kind of clunky (different sites use different methods; writing down/printing recovery codes feels like a dated solution alongside other tech-forward things).

      Also, outside of this, password requirements are their own bugbear, with nearly every site having different criteria. Even as someone who uses a password generator and manager on the regular, I still have to adjust the password creation criteria to do things like fit character limits or specific requirements (and don't get me started on forced resets!). I totally get why so many people reuse passwords, or have a default one that they sort of modify as needed to fit a given site's needs.

      From my (admittedly super limited) perspective of a lay user: usernames, passwords, 2FA and the whole stack seems like something that's suffering under the technical debt of decades' worth of web development and networking. It seems like things have inched forward and many new layers have been added to address emergent problems, but the whole system gives a sort of barely-held-together-by-tape feel.

      What if we could use what we know now and redesign things from the ground up? If we could start fresh, today, what might username authentication look like beyond the usual username/password combos that we're so used to?

      I'm interested in any ideas -- not necessarily just feasible ones.

      Also, despite me being the one prompting this thread, don't feel the need to simplify technical explanations or anything. I'm mostly interested in lurking and seeing what all you very smart techy people have to say about the topic. :)

      12 votes
    11. reCAPTCHA: Is there method in monotony?

      What started out as a little facetious in my own head leads me now to a serious question. Is there some meaningful reason why Google has to use a subsection of images for reCAPTCHA? I really dislike having to do this and at the very least would appreciate some variation.

      • Traffic Lights
      • Buses
      • Bicycles
      • Cars
      • Crosswalks

      Is there something special about these things in this context? Is the visual noise they're usually associated with what makes them good candidates? Are Google just really into urban planning? Who knows...I'm hoping some Tilder smarter than I can help me out.

      10 votes
    12. What password manager, if any, would you recommend?

      After being skeptical of password managers for a long time, I've decided to take the plunge and get one installed. The burden of remembering dozens of passwords is simply getting a bit too much. So, I was wondering if anyone here has any recommendations of password managers? Maybe one you or a trusted friend use? Or maybe you think password managers are rubbish, and want to share your opinion?

      Any suggestions are welcome, in the interest of fostering discussion/having the thread be useful to other people too. But in my specific use case, I want to be able to sync between devices. I'd prefer something open source, but it's not a requirement.

      25 votes
    13. What are secure alternatives to slack, and what are your experiences with them?

      First, some context. The latest from the US justice department saying that they will be focusing on finding "ANTIFA leaders" is incredibly troubling for anyone involved in leftist groups. I foresee a lot of good activists, regardless of how far left they actually are, arrested on trumped up charges in order to squash opposition.

      Organizing is essential to resist fascism. This is made more difficult by the pandemic, as in person meetings bring a huge, almost unacceptable risk. As such, many orgs have been turning to platforms like Slack instead. Trouble is, Slack logs are not encrypted and I am certain that as a business based in the US Slack will not put up a fight to keep user data safe if the feds come calling.

      I'd like to collect a decent list of alternatives. Important factors include encryption, ownership, open source status, ease of use, federation, scalability, hosting, cross platform, and anything else you can think of.

      23 votes