Lastpass? 1Password? Bitwarden? Sticky notes?

Curious to know what other folks use, in my experience they're kind of all bad. Wish passwords would just go away as a concept.

Big big fan of pass. It's just a comfy UI on top of a local blob of GPG-encrypted files. There's a good android app and windows client, and I've written my own integration with my window manager on linux.

KeePassXC Password Manager with Syncthing and don't forget the KeePass Browser Extensions: Firefox and Chrome has one too. Also, KeePass DX for your phone. iOS has its equivalent as well.

I think another layer that I like about this is that you're a smaller target. Naturally, there's going to be a lot more incentive to break into those big, popular password managers/ businesses.

I'm on Linux, my strategy is to use Keepass to generate and store all my passwords, and then I use Firefox on my computer and phone and store let that save my non-critical passwords, that way it gets synced between my phone and computer.

1Password is solid, or at least secure and usable enough that I don't mind paying for it.
Downside - the major version updates are sometimes buggy/weird on release, like not warning about needing to re-authenticate after updating. Got burned by that and was locked out of my account for a week while traveling.

Yeah just sticky notes IF they are written down. I'm what you would call "An extreme Free/Libre software zealot" AKA The full Stallman - so naturally something a little funky is done on my end. ;)

I've been using Bitwarden in conjunction with Firefox's built-in for a couple years now. Overall, I think Bitwarden is very good and I have a lot of faith in the company. The Android app is also pretty good, especially at detecting login prompts in most apps. I do find it less convenient than Firefox for daily web browsing, which is why I use them together.

At $day_job we use SecretServer, which I think works well in a corporate environment.

i use bitwarden too. i used to use lastpass, but after they went fully premium for the most basic features, i switched. and funnily enough they've been the platform with the most data breaches the past couple years, so good riddance to them.

work still uses lastpass, but typically every previous company i've been at used 1password

also a user of Bitwarden and have been for a few years now. Overall a big fan of it - not hugely a fan of the big investment they got recently, but still seems solid at the moment!

I, as several here have mentioned, also use BitWarden, and same as you I used to use LastPass until all the breaches and charging for basic features. I am a proponent of zero trust solutions as long as they are encrypted well enough which BitWarden seems to be. I just recently got my IT Director to start using a password manager for our internal stuff (before I left IT). Before that it was a password protected Excel sheet........

lmfao

I wouldn't do this at work, but writing stuff down on dead trees does have some merit, assuming you have a generally secure physical environment. The old notebook I used to write secrets in has never been breached, can't say the same for Lastpass.

I use KeePass2 and synch across my devices with SyncThing.

I also use the password ******* for my vault.

LastPass, but I really want to switch off it. On two different Android phones the app always loses permission to fill in the password. At least 3 out of 5 times I use it I can't until I enable some setting. I'm pretty sure it's the OS taking the permission away, but I can't figure out how to stop it. I'll be checking out 1Password next, I heard my work is going to start using it.

I've been a happy customer of pass for several years now. However, since reading the source code a few months ago, I've been meaning to switch to something else, or write something myself.

LastPass, 1Password, etc. aren't options for me because my passwords are stored somewhere outside my control.

Vaultwarden on a RPi4. I used to faff about with KeePass but none of the phone apps/extensions come close in terms of usability and experience as Bitwarden.

another vote for 1Password. I used Lastpass starting way back in ~2012 but switched to 1Password after their first security incident in 2014.

Before that I just used a pgp encrypted txt file that I'd hand edit and cut/paste from.

i just use firefox lol it works fine for me, no issues so far. i use firefox on desktop and mobile both, the syncing works good enough too.

So I've recently switched from LastPass to 1Password. I gotta say, the auto-fill on Android often feels worse with 1Password. Generally if I open 1Password and unlock it, then switch to the App I want to login to, it will give me the prompt to auto-fill. But not always. And it takes a few seconds for it to give the prompt.

On the web browser side, it works just as well, and that is my main usecase. It has a better track record than LastPass so I'll stick with it. Neither one really satisfies on Android, maybe it's a platform thing.

I did like that it has a cool paper printout for you to write down your master password & have a QR Code to keep in a safe place. I was already doing that with LastPass but it's nice to have it part of the procedure now.

I used LastPass for a few years but after a few security breaches they had over the course of one year I switched to NordPass. It has worked well so far but I'm always on the lookout of better alternatives.

Also, I feel having this discussion without mentioning multi-factor authentication / 2-step verification is a little silly. I'm currently using Aegis Authenticator. I've read KeePassXC also does this? But I've also read it's worthwhile having these OTPs seperate? At the very least, I think it's nicer having a dedicated app for 2FA rather than an all-in-one passwords manager with 2FA added on top.

I use pen and paper. It has its unique cryptographic method of my terrible handwriting and is completely off the grid, so it's basically unbreakable.

Yeah, you can right click to add TOTP to it and from there you can just Ctrl+T your codes into the clipboard for 10 seconds. It doesn't show the codes so it's safe against screenshot snipers and automatically deletes it after the 10 seconds pass too, good stuff.