I thought I've been looking for a good password manager, but I'm not sure that's what I really need.

Here's my use case:

• I currently have a Google Sheet in my Google Drive that contains all my ID/passwords for everything
• In addition I have personal info in there like SSNs and Credit Cards #s
• I want to be able to have instant access to all of the info from my ancient iPhone and my laptop

Things I've tried:

• I messed around with Last Pass a bit and found it couldn't actually fill in the passwords in the apps I was using so I'd have to manually type them, which is a deal breaker for me.
• I've been using FireFox's LockBox and it's a bit better on that front but doesn't actually remember what the password goes to the app so I have to look it up each time, but it does populate them in the appropriate fields.
• Password-protecting a Google Sheet is apparently impossible but was a solution I was after for some time (Excel and Libre can do this..so +1 for software)

Other info:

• I am currently using an iPhone 5 but I plan to "upgrade" to a Samsung Galaxy S7 sometime in the near future. Perhaps that's why the functionality of these password managers seem so inconvenient for me? Would they work better on a modern phone?

What I'm after is perhaps two solutions:

• A password manager that crosses the bridge from desktop FireFox to the apps on my phone, and fills in the password for me automatically. That would allow me to feel like I could move to more random passwords for things.

• Some encrypted, password-protected site/app that could store plain text notes for sensitive things like SSNs and Credit Card #s that would stay in sync between a laptop and a smartphone.

Go ahead and mock me for my terrible security and ancient phone. I deserve it! But when you're done, I'd appreciate some guidance.

EDIT: Sounds like first priority should be to update my phone. Then there appear to be plenty of options to try. Thanks everyone so much!

edit: Problem solved, davidb informed me about the vulnerability in version 3.0.4, and that it is fixed in the new version 3.0.6. Somehow Spyhunter thinks i still use 3.0.4, which in turn is the actual problem i had with Spyhunter, not VLC.

Spyhunter 5 has been bothering me about potential data leaks from vlc media player. The vulnerability is generally based on publicly available information.
It would be a shame if i have to switch, been using vlc for as long as i remember. It is probably the best media player out there, but i hate sharing my personal data in any way or form.

Spyhunter msg:

• Severity: Medium, VLC media player (Version 3.0.4)
  • The CAF demuxer in modules/demux/cad.c in VideoLan media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in Caf files, because a ReadKukiChunk() cast converts a return value to an unsigned int, even if that value is negative. This could result in a denial of service and/or potential infoleak.

Is this even anything to care about? I have updated VLC including removing cashe and still get the alert. Is a rollback another option perhaps?

So:

• I keep all my passwords in my password manager (Bitwarden)
• All my 2FA codes are generated by AndOTP on my phone.
• My 2FA backup codes are also in Bitwarden, which I think is a bad idea, because that defeats the purpose of 2FA. So where should I put those?
• I have my Bitwarden 2FA backup code in my wallet and in a safe at my house. Is that a good idea for the other backup codes?
• Is there anything I'm forgetting here?

I was browsing r/privacy today and I came across this guy going on about how Mozilla was just pretending to be privacy focused. Here's his comment. Now I don't really know what to think of this, and frankly, I'm getting really exhausted of hearing about how all the things I'm using aren't actually trustworthy. So can so someone put my mind to rest? Does this guy's claims have any truth to them? Thanks.

Thanks to all of you who gave me guidance in the thread about password managers. It got me thinking I should expand the question to overall best practices regarding security, just in case I have any other important blind spots.

What are the essential do's and don'ts of digital security for the average person?