Password Managers? 🗝️

[Memory]

'abcdefghijklm' isn't secure, no matter how much you protest! 

Hah! You have no power over me! It's actually abcdefghijklm123!

[TheFrugalGamer]

I went with option 2, because I feel like it's the best of all worlds--I can store passwords and other data in a secure database (and that's really the thing I love about it. It doesn't just store passwords, but security questions, the email tied to the account, basically anything else I need to know about that account), but don't really have to worry about it being compromised as a service because it's as secure as the cloud storage I'm using (and no worries about a VPS config or anything, unless I decide to do that later, because I do have that option).

Which, I know those can get compromised, but even if it were, they'd still need to break the encryption on the file itself, which adds another layer. And since most thieves are looking for the path of least resistance, there's a larger than zero chance they'd just pass it over for something easier.

Every method has its flaws, but this one's worked pretty well for me.

[fLaMEd]

I use the same tools as Melon, 1password and Authy.

I have considered self-hosting bitwarden, but for something like passwords I don’t want to self-host as my home server sometimes goes up in flames.

I’m happy with the hosted tools, 1password with Fastmail is a great combo for keeping track of accounts and identities online.

[Yaya]

Hi! I've tried a few options but am still struggling to find something that works best for me. I originally used 1Password but I wasn't a fan of the interface so then I switched to DashLane which is so buggy it's practically unusable! I've considered an offline book but there's the worry that it might get ruined or I'll forget it when traveling. A self-hosted version is also a really solid option but I would probably need some support setting up. I think I'll spend sometime searching on GitHub as maybe someone's built something or can point me in the right direction!

[shevek]

I've had LastPass, switched to Dashlane, and recently switched to Bitwarden. That one is the best so far in my experience and doesn't bother me with monetization stuff at all; DashLane was so awful for this recently with their 25 password restriction.
Browser addon works perfectly. Transition went smoothly.
The only issue is transferring passkeys.. but that should hopefully improve this year in general for all kinds of password managers, and usually sites that let you use passkeys also offer passwords or magic links, so you won't get locked out.

[Kalka]

I'm a dinosaur regarding the matter so... I wrote them down on paper, there's just one that's very important that I keep on a USB key in the middle of other text within a file, just in case.

[succubunnii]

i leave notes or clues for my passwords around the place, hidden in my organised (sometimes) chaos. some parts are on a hidden scrap of paper that might relate to something in a notebook or i just remember that my password for 'x' site is the title of 'y' book on the shelf across the room including 'z' number and may or may not have a symbol depending on if the website required it.

I'M NOT PROUD OF THIS!!
i'm thinking of collecting them and putting them in a lockbox. if i can't unlock it.... i have connections to unlock it 

i do try to go for 2FAuthentication when i can tho.

[fancypengy]

I'm not married to it or anything but I use NordPass which was better than what I was using before (writing down passwords in my Apple Notes app mixed with using the built-in browser password keeper thing) and it hasn't become a necessity to use anything else. But I'm taking notes from the rest of y'all so thank u lol!!

[georgemoody]

Currently use keepass and have my passwords and my 2fa locally stored in an external hard drive (with backups scattered around on other local sotrage, of course). makes syncing as simple as plug and play

[BlazingCobaltX]

Used to do it all from my head until I got forced to regularly change my passwords and that became annoying to keep up. I use Bitwarden and it does exactly what I need it to do (and it's free!). The Android app works well, I can even unlock it with the fingerprint sensor. Only thing I discovered is that the app doesn't have any options for creating new maps, so file management is left for PC.

[Melooon]

I have a new password manager setup that I've been working on for a few weeks! The main issue was that while 1Password worked great on my new mac, I have so many older computers that did not support it; plus they upped the price, so it was time for a solution - ANY BOY DO I HAVE ONE!

I have a Syncthing folder setup between all my computers; it syncs general files I might want no matter what computer I use. It's also now syncing a KeePass file.

On all my macs I use different versions of MacPass (a nice KeePass client) to read that file. I made the KeePass database on the oldest mac (running OSX 10.9) so it uses the older db format, then imported my 1Pass passwords. Now whenever I edit/add a password on one computer, the KeePass file is synced locally to all my computers, and everything is fine and dandy. (The file can also be read on Linux and Windows systems too using another client)

HOWEVER that does not help me access passwords on my phone. So for that I have a separate copy of my KeePass file on a WebDAV server; I have KeePassium installed on my phone, and that can read/update the WebDAV KeePass file.

So the last bit is linking the WebDAV KeePass file and my local KeePass file; for that I made a lil NodeJS script. It connects to WebDAV, downloads the remote key file, then compares it to my local file. If the local one is newer it will upload it to WebDAV, if the WebDAV file is newer it will replace my local file. In both cases it also makes a backup of the file it replaced in a backups folder. I have this NodeJS script wrapped in a .app and I just double click it to sync manually when needed, but you could automate it if you wanted.

The upshot is that I now have all my passwords synced across every device I own, from 2014 vintage macs to my phone - its pretty secure, and it all just works and it will work  (in theory) forever, on any computer with a KeePass client (almost all of them), with no 3rd party services. 

EDIT: ALSO if I self hosted my WebDAV server, technically, syncthing could run on that tooo and only sync the KeyPass file, then serve that synced file out over WebDAV; so then no NodeJS script would be needed at all  (maybe ill do that  )

Tips if your are also running Mac 10.9:

• Here is syncthing ported to 10.9
• Here is the last MacPass build for 10.9 (I plan to port the newer database format into this at some point)
• Here is NodeJS 24 ported to 10.9

[candycanearter07]

Oh awesome! I always wanted to use a keepass db but the syncing issue was a major issue for me. I hope its possible to set up without any port forwarding issues...

[Melooon]

I hope its possible to set up without any port forwarding issues

That was why I went with my NodeJS system at first, I had no port forwarding at home. So everything Id described above can be done without ports (you just need a WebDAV file server somewhere - I get one free with my email from FastMail) - the only thing you need to forward ports for would be if you want to do the extra self host WebDAV I described at the end.

[Dan Q]

Like @Melooon, I use a KeePass derivative (I use KeePassXC on desktops, KeePassDX on Android) and Syncthing for most of my synchronisation (it's a little more-complicated, because I declare the copy on the pendrive chained to my wallet to be the primary, wherever it is, and everything else is a replica, but basically yeah).

But for anybody following this thread who's thinking about their password policy: the single most-important thing you can do for your password security is don't use the same password in multiple places. Ideally, all of your passwords should be (a) complex and (b) long, but the most important thing is that they're (c) unique! If you have to choose between one good password or ten bad passwords, ten bad passwords is, in general, better! This side of 2002, more successful password-based attacks are orchestrated based on reused passwords than are based on weak passwords.

(And if you want to see my credentials for the statement above: I've spent most of the last 20 years working as a computer security professional; I've got a masters degree in information security and digital forensics; I used to guest lecture at the University of Oxford on the subject of usable security; I've undertaken original academic research on password security policies. I know how and why passwords work, and when they don't!)

[Sumstuff]

I just use Bitwarden, since its free.
I also think the automatic password generators are a big benefit to these kinds of password managers(of course someone who's paranoid about they're passwords getting found out is not gonna use something like that(i don't know if Bitwarden's passwords are generated with pseudo randomness or not))