Android

I dont use password managers.

I just use a set of random words + random numbers, usually something related to the website, the time period (like major global events), maybe just the mood I'm in when I created the password.

Example: For Lemmy, I might use IslandMazeMouse0216 (I do not use the password btw, never used this before and now never will, don't try hacking me lol)

"Island" because the fediverse is like a bunch of islands, that formed together into one fediverse, "Maze" because this shit is confusing, and "Mouse" because the Lemmy logo looks like a mouse, 0216 because of June 12, the day the protest began, 0612, but reversed, but not reversing the 0, so 0 216.

Now I feel dumb for explaining, but also want to hear opinions.

But you see, it doesn't matter. Most websites have login limits so you can't really brute force the password. I just hate "password managers", if I were getting old, I'll probably just put my passwords inside a Standard Notes note, or just put it in a txt and use 7Z AES256 and upload it to a few cloud services.

For offline passwords, like a Windows Veracrypt encryption password, I use 5-8 random words with 5-7 random numbers and increasing the PIM.

For mobile, I use like 16-25 digits numerical pin, alphanumeric passwords are just too hard to type. I've been experimenting with long alphanumeric password + biometric, or a pin, and honestly idk which is better. I don't want someone accessing my phone while I'm sleeping, I might forget to turn off biometrics before I sleep.

I'm not gonna encourage everyone to do what I do, I am not a security expert, just some dude on the internet, but I just want to share how I deal with passwords. Feel free to criticize any flaws. 😅

Lastpass for like, a decade. I can't understand how anyone can not use one.

I'm trying out Bitwarden after moving to a Sony phone (my Samsungs came with their inbuilt password manager) however it keeps asking for a master password all the time. Is that normal?

I'm probably an ignorant paranoid about them, I know I should google a bit of them, but instead I'm going for the ol' trusty ask the community.

Do they save your passwords locally or in the cloud? If locally, what if I want to sign in in another device? What if I lose the device I have my passwords on? What if they hack my device? If in the cloud: How can I know the service is not stealing my information? If I can access it anywhere, wouldn't that mean it also needs a password? Wouldn't that make it twice as unsafe as it would only take one password to access the rest?

Edit: Damn, I got extremely useful answers, I'm starting to like lemmy!

For a very long time I only used browser stored passwords; at one point I wanted to use Vivaldi on my smartphone, but at the beginning it didn't have password sync, so I had to figure out something. I think this is when I first tried LastPass, but got discouraged from using it by 1) their security incidents and 2) them removing mobile device sync from their free tier. This is when I switched over to BitWarden, which I've been using ever since; I'm currently even considering hosting my own instance of it.

I held off on using a password manager for a long time. I used an open source one for my buisness for a while but almost lost the file in a computer failure, lucky I had a backup.... . somewhere.

After that I looked at a cloud option and finally settled on one, then the business died down and I kept using it for my personal stuff. I can't believe I didn't use one earlier. Life is so much easier now, no need to go between my bad password, Medium, and strong. Everything just gets a random password now and no need to worry about a string of 2fa messages hitting my phone when a password gets pwned.

Self hosting one isn't difficult and allowz you to maintain a high level of security

Used Dashlane for years. Works great on PC, android, macs. Comes with VPN which i rarely use but nice to have when needed.