I guess now is as good a time as any for them to start using a proper password manager.
Personally, I recommend Keepass - it has multiple clients for all platforms, and you can keep the file in sync with a program of your own choosing, like Dropbox, syncthing or whatever you like.
Bitwarden is probably a more pragmatic choice for most users, given that it’s free and without having to manage the syncing yourself.
Any password manager is better than the alternative, though.
I’m not sure what you’re comparing it to. Keepass is free too, in fact it’s open source. In my opinion, local software and database that is under your control is always superior to cloud.
Keepass over Bitwarden offers a lot of plugins and integrations, again, if you want more customization or automation.
But, I would say you can use any online password manager as long as it’s end to end encrypted, so Bitwarden is a good choice.
Also, local software and database is always superior to cloud.
Now there’s an unfounded blanket statement if I ever saw one.
Keepass XC on PC, Keepass DX on Android, Syncthing to sync database
Works flawlessly!
Most amazingly, this setup is also unexpectedly resilient against merge conflicts and can sync even when two copies have changed. You wouldn’t expect that from tools relying on 3rd party file syncing.
I still try to avoid it, but every time it accidentally happened, I could just merge the changes automatically without losing data.
I store my DB in Dropbox and use KeePass2Android on phone which has built in Dropbox sync.
Exactly! Self hosted FTW. Chances of a data breach… Typically pretty minor if you are smart.
Chances of losing the data is higher with selfhosting too. Unless you’re doing some sort of multizone replication, or course.
Keep vaultwarden behind wireguard for local only access then also use https certs and good master password. Very secure like this
+1 for a self-hosted Vaultwarden instance. If you’re technically capable and have extra hardware laying around this is the best way to go.
Although a backup is still required or you are gambling on hardware outliving your need for your data.
If you never, ever need your passwords outside of your home, that’s great advice - it’s as secure as can be against digital theft. Less so against fire though, and backups are out of the question.
Backups are easy? Just copy to another piece of paper and store somewhere else.
I’m just being facetious though.
You can have backups of physical books. Just copy the text from one to the other. Yeah it is manual work but so is writing the first one in the first place. You can then store the second copy in a fire resistant safe or at a friends or family members house (maybe inside a safe as well).
This is the first suggestion here that’s actually within the technical abilities of most people, even most Lemmy users.
The level of technical knowledge some of people here seem to think the general public has is absurd.
I’m usually the one promoting technical literacy to all but in this case I honestly don’t use a password manager.
If getting a Dropbox account is too difficult for them, I seriously wonder why they’d be subscribed here, or reading articles about password management in browsers.
Never trust your credentials to a private company, they could be bought out by state actors.
The xz compromise having demonstrated that FOSS projects are totally immune to interference from state actors…