I keep seeing people highly recommend them, but I’ve always thought it wasn’t very secure.
I think they can be much more secure than:
-
remembering your ( probably weak ) passwords
-
writing passwords on paper, which is slow, you can lose paper, break it, or someone can steal it
-
storing passwords in unencrypted text file
I use KeepassXC, which is offline, encrypted password manager. Every password is stored in one file, which to access, I must enter the one password I do remember. I recommend having backups of this file.
It has password generator included, so all my password are long, strong and unique. It also can auto fill password/login which saves time.
To increase security of your account even further you should also use multiple factor authentication, for example app which generates one time codes on your phone offline. It will protect you, even if your password gets leaked, or cracked.
regedit@feddit.online 2 weeks ago
There's no guarantee anything is "secure," anymore. Even if you run a self-hosted password manager, it could still be compromised at the package-level or down the road through some exploit. I will say that since I started using Bitwarden as my main password manager, I have had to worry less about company data breaches and stolen passwords. I have no need to reuse passwords for any site or service. I can use the built-in 2FA with sites that require it and don't have to have multiple apps. I can share passwords with my wife if she needs to access something under my name.
In addition to storing logins, I can store secure notes, even storing login-specific notes within the login details for things like one-time-use passwords, etc. I can store various credit/debit cards and recall them into payment systems whenever I want, without storing them in a browser. When using the phone, I can tie the biometrics to the unlocking of my vault so, with the vault locked, I can easily unlock it to find the login/info I need to submit to an app or website.
Obviously, all this comes with their own risks, but the level of risk of a password management is far lower than the risk of reused passwords and the mismanagement of security at the corporate-level. If you're really hard-up to keep your stuff offline, other products exist that are locally stored, but you'll likely miss out on access from outside the home in the event you need that login info somewhere else.