Password managers are much better than using the same password again and again. I use 1Password.

I use pass, its basically pgp with git. Works suprisingly well for such a simple thing

I don't but I should even though my threat level is zero.

But then isn't a single point of failure a problem? I guess we use these to make life easier with strong passwords, but what if the cloud with sync gets leaked, or someone keylogs my pass manager then I lose all passwords not just those incidentally affected by a leak or hack?

Using Bitwarden for password manager, Aegis for 2fa, been working great for me so far.

I'm probably going to get grilled for this but I've Been using Firefox's Saved passwords, I really don't need anything better.

KeePassX(C?) both on Windows and Linux. I used the windows version KeePass2 but there was a recent security vulnerability in it so I switched to KeePassX. Maybe it's already patched... auto-type doesn't seem to work in KeePassX on Windows so I might switch back but it's not that critical.

Just moved from bitwarden to proton pass, so far so good. Would recommend keepass, bitwarden,1password but definitely not lastpass.

Keepass with syncthing is GOAT

I don't use them. I see this as a putting all eggs in one basket strategy, if my master password was lost, hacked, hosting company shutdown, or for whatever reason refuse to do business with me, my entire life would be screwed.

Instead I use long passwords made of words, and for each site it will be a few letters off. They're easy for humans to remember because how similar they are, but due how hash works they are equivalent to unique passwords to hackers.

There are a lot of people recommending a very specific program in this thread. Be skeptical, everyone. Do your research on the strengths and weaknesses of these types of tools, and the specific offerings of all current leading services.

I use bit warden and I love it. And yes, I would recommend using a password locker. Just make sure you do some research before selecting one.

Does anyone have recommendation for a password manager that works well on both mobile and desktop? I browse with Firefox and while Lockwise is integrated into Firefox now and works fine on desktop, it's kind of 'eh on mobile in my opinion. It "works" but I find it to be fairly clunky and a lot of the time I need to open the Firefox app and just find the password in there and paste it in.

Does any other application work better for transferring passwords made on desktop to mobile more seamlessly? Looking for better detection of the user/pass via app or website.

Anyone not using a password manager is shooting themselves in the foot and often time not realizing till its too late. Along with that sign up for a service that notifies you of data breaches, I think bitwarden has one built in (might only be for subscribing members though) and there is always https://haveibeenpwned.com/

I absolutely use a password generator/manager. Using Bitwarden.

I just use the chrome password manager, works great and seamlessly transitions from Android to desktop. I used to use KeePass, but the convenience of the built in tools in chrome just works really well, especially after moving over from iOS.

Password managers are a great tool for digital hygiene. The main way an average Joe gets his accounts taken over is because it reused the same user and password combination.

I use pass which is a frontend for GnuPG. It's sort of primitive and I had to write user interface for it but it's super flexible. Since every password is saved in encrypted file syncing is easy and we use Git to share company passwords amongst ourselves.

I have proton subscription for mail, vpn the works. Just switched to Proton Pass and very happy. Auto creates alias emails on signups so my real email is not out there.

I toss my KeePass file (encrypted database) in Google Drive.

That way I have all the convenience of syncing through the cloud, but I also get the benefit of having my database access and database storage be managed by separate companies.

If Google has a breach and my data gets leaked, sucks, but the database is encrypted so I’m good. If KeePass encryption is broken, sucks, but attackers would also have to find a way to gain access to my Google Drive.

Keepass with key file. I synchronise only the database with cloud servers while the key file stays on my devices and never gets synched. I think that's a good tradeoff for security and convenience.