Android

Started using RoboForm on Windows XP, switched to Mac, used several there, came back to Windows 7, used LastPass and then dumped LastPass after they were acquired by LogMeIn which, as predicted, poorly managed the product to where people are getting locked out of their passwords. So now its 2023 and I'm back on RoboForm.

(If anyone has any reason to not use RoboForm I would appreciate, however I need to use password sharing occasionally, which is a feature) Edit: just realized this is an Android group but RoboForm has a pretty good Android app, FYI.

Bitwarden's browser extension is great, which is something I can not say about their mobile app which is slow and not very user friendly. It does, however, make my passwords safer since I tend to use random ones.

I use keepass and host the files "myself", means in my clouds, keepass droid is a nice adfree app, I just like to have control over my passwords after I read some articles about password "safes". It's a bit effort to setup, but since then works perfectly.

I don't but I should even though my threat level is zero.

But then isn't a single point of failure a problem? I guess we use these to make life easier with strong passwords, but what if the cloud with sync gets leaked, or someone keylogs my pass manager then I lose all passwords not just those incidentally affected by a leak or hack?

1password family user here. I cringe nowadays when people still try to remember their passwords and accounts and say they have a "good" system. It's a necessity nowadays. Sounds like the consensus favorite around here is Bitwarden. Anyone wanna tell why they prefer it over 1password? Is it because it's self-hostable?

I absolutely use a password generator/manager. Using Bitwarden.

Just moved from bitwarden to proton pass, so far so good. Would recommend keepass, bitwarden,1password but definitely not lastpass.

I personally use pass, which uses gpg for encryption and can also use git repositories (I use it with my personal gitea instance).

Anyone not using a password manager is shooting themselves in the foot and often time not realizing till its too late. Along with that sign up for a service that notifies you of data breaches, I think bitwarden has one built in (might only be for subscribing members though) and there is always https://haveibeenpwned.com/

There are a lot of people recommending a very specific program in this thread. Be skeptical, everyone. Do your research on the strengths and weaknesses of these types of tools, and the specific offerings of all current leading services.

Ive used 1password since almost the beginning. Cant say I have any complaints at all!

Yeah I use Lastpass, it's very useful. I'd like to switch to something FOSS and locally encrypted, but honestly I've tried a couple times and never got it working properly, meanwhile Lastpass always works. I hate their blinding white UI lol.

A shame I haven't seen Passwordstore (pass) here. Simple, transparent, and to the point, with great extensibility to boot. It also interacts with git allowing you to version track your own storage, which is a huge plus for me since I use git daily.

On other choices, I think the largest point you should consider for a password manager is the ability to self-host your own instance. Opensourced server code is the next best thing. In security, human trust should never be trusted, and even if the company is not lazy and malignant about your data, bundling up a lot of them create obvious larger targets for potential hackers, and you have higher chance of getting the collateral damage than localized ones.

I used LastPass until they went for-pay with very little warning. So to protest I subscribed to Bitwarden premium (or whatever their paid tier is called)! Can recommend.

I finally committed myself to getting BitWarden set up, maybe a year ago. I wish I had done it sooner. I use it to generate all my passwords, and I have it installed on my phone and desktop. I love remembering only one password and knowing all my other passwords are secure. For me it's a no-brainer.

I would love to use one, but to be honest, I have not found one that I trust, so far.

The perfect "password manager" would require 2FA, has some kind of "online backup" (cloud) that I can host myself and has to be open source. So far nothing really seems to offer all this.

I use bit warden and I love it. And yes, I would recommend using a password locker. Just make sure you do some research before selecting one.

I just use the chrome password manager, works great and seamlessly transitions from Android to desktop. I used to use KeePass, but the convenience of the built in tools in chrome just works really well, especially after moving over from iOS.

I don't use them. I see this as a putting all eggs in one basket strategy, if my master password was lost, hacked, hosting company shutdown, or for whatever reason refuse to do business with me, my entire life would be screwed.

Instead I use long passwords made of words, and for each site it will be a few letters off. They're easy for humans to remember because how similar they are, but due how hash works they are equivalent to unique passwords to hackers.