I guess now is as good a time as any for them to start using a proper password manager.
Personally, I recommend Keepass - it has multiple clients for all platforms, and you can keep the file in sync with a program of your own choosing, like Dropbox, syncthing or whatever you like.
Bitwarden is probably a more pragmatic choice for most users, given that it's free and without having to manage the syncing yourself.
Any password manager is better than the alternative, though.
Keepass XC on PC, Keepass DX on Android, Syncthing to sync database
Works flawlessly!
Most amazingly, this setup is also unexpectedly resilient against merge conflicts and can sync even when two copies have changed. You wouldn't expect that from tools relying on 3rd party file syncing.
I still try to avoid it, but every time it accidentally happened, I could just merge the changes automatically without losing data.
How did you enable merge conflict resolution for KeePassXC databases?
Vaultwarden ftw
Exactly! Self hosted FTW. Chances of a data breach.... Typically pretty minor if you are smart.
Chances of losing the data is higher with selfhosting too. Unless you’re doing some sort of multizone replication, or course.
I use syncthing so there's a copy of my password database on each of my devices.
I put all my passwords in a text document, then print it on a little strip of paper and shove it up my ass. Whenever I take a crap, I dig it out from the turds and try to memorise some of them again. Then I shove it back up there where noone else can find my data and I won't lose it.
sh.itjust.works
Forgot to mention I delete the text document and set fire to the computer's hard drive. The passwords are only ever in my ass, with the rest of my personal shit.
Following up your own shit post with another shit post is shit post gold.
Bitwarden here. Works well.
No $10 gift card?
Lame.
"Chrome users" or "Chrome under windows users" would be closer to the truth. Still, quite a screw up.
Something like 2/3rds of the world uses chrome for desktop. I'd bet that number is higher for windows specifically. If you're the rare person who doesn't use chrome then you're savy enough to know this doesn't apply to you
No-one should be using any password manager built into any browser, neither Chromium-based nor Firefox-based. Browser password databases are almost trivially easy for malware to harvest.
Go with something external, BitWarden or 1Password, or if you are entirely within the Apple ecosystem their new password system built into iOS 18 is apparently really good.
Go with something external, BitWarden or 1Password,
When it comes to security software, I usually recommend sticking to open-source solutions, which is why I'd recommend Bitwarden over 1Password. Their whole stack (backend, frontend, and native apps) is all open-source. A premium account is well worth the $10/year.
You can self-host their server, or self-host Vaultwarden which is an unofficial API-compatible reimplementation of the Bitwarden backend designed to be lighter weight. Note that Vaultwarden is unofficial and hasn't gone through the same security audits as Bitwarden has. It's a good piece of software though.
Recently started using Bitwarden and it works really well. You can even ditch authenticator because it has OTP built in too.
I selfhost it though because I trust nobody with this type of sensitive data, encrypted or not.
By storing your passwords and otp in the same place it becomes 1 factor authentification
Not really as you're still protected from password breaches, which is most likely to happen anyways, especially if you self host.
If you're actively being targeted for your bitwarden password, you likely have bigger problems
A friend has a notebook next to her computer with all her passwords in it. Initially I was horrified - what if you're burgled? - but actually it's genius. Much more secure than letting a browser remember them, and she doesn't even need to memorise a Bitwarden password.
In a household it's probably not that bad. There aren't many people breaking into homes looking for account details.
I've had my identity stolen several times, and every single time it was stolen from a Fortune 500 company.
I just make all of my passwords password123 then I don't have to worry about memorizing them
Just add the same memorized bit to the end. Something simple like "123" would work. Even if the book is stolen it won't do them any good.
feel like "aaand it's gone" would fit better here
Premium Bitwarden is so cheap and effective that I find it difficult to justify using an alternative.
Keepass with syncthing is completely free and doesn't rely on cloud hosting
No password manager is 100% safe. Make back-ups.
That's definitely a change from companies just leaving passwords around for anyone to find.
Me when I don't use Chrome, I don't use Windows, and I don't use browser password saving either
This is a most excellent place for technology news and articles.
