If you're on this comm, you've heard this before. You've probably been putting it off. It's time to stop being lazy and just do it.

Pick one. There's Lastpass, KeepassXC, Dashlane, and Bitwarden.

Lastpass, Dashlane and Bitwarden all keep your passwords online, and allow you to easily login to sites with autofill. KeepassXC is the most secure option, and keeps your passwords locally on your device so they aren't stored anywhere else. I don't recommend KeepassXC unless you're really paranoid or need extreme levels of security, since the usability of having to sync your passwords manually is a hassle that's just not worth it for most people. Those first 3 are good, secure options. Take a look, and then pick one. Your password for your password manager needs to be unique, used nowhere else, and LONG. These are all non-negotiable requirements.

AND THEN ENABLE MFA (MULTI-FACTOR AUTHENTICATION)

This makes you need both your password and a second token, like a one-time code on your phone, to login. It's mandatory. Any important accounts that you have NEED to have MFA enabled.

Cool, now it's set up. Put in all the passwords that you remember, add the extension to your browser, and let sites accumulate in the password manager for a while. Then, go and change all the accumulated passwords to long, random strings generated by your password manager. None of your accounts should use any of your old, long-reused passwords. None. It's very likely that they're compromised, and they shouldn't be considered secure.

Here's an example of why this shit is important.

  • WhatAnOddUsername [any]
    4 years ago

    Possibly silly question: How is it secure to trust my passwords with a password manager? It sounds like they're storing the passwords, and my understanding is that it's a big problem when websites do that, which is why they're really supposed to store password hashes instead.

    My fifteen seconds of research tells me that the online password managers keep the passwords encrypted, so they can only be retrieved by using the master password, and even the companies that make the password managers can't read my passwords. Do I have that right? Basically, I want to know what happens if, say, Lastpass has a security breach.

    • Woly [any]
      4 years ago

      Good password managers keep your passwords as encrypted data on their servers and never have the decryption key. The key is temporarily generated on the device that you're using with your master password, which is never actually given to the password manager's server. So even if you stole all the data from the password manager's servers, it would be useless to you.

      Here is a good video going into more detail.
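The flow Woly describes, written out as an added example that is not from this thread and not the code of LastPass, Bitwarden, Dashlane or KeepassXC. Everything here is constructed: the `VaultServer` class is a hypothetical server, the iteration count is set low for a quick run, and HMAC-SHA256 in counter mode stands in for the AES-GCM a real client would use, so the example runs on the Python standard library alone. The point it demonstrates is the split: the master password and the vault key exist only on the device, the server is handed a one-way login hash and an encrypted blob, and a wrong master password or a modified blob fails closed without revealing anything.

```python
import hashlib
import hmac
import json
import os
import secrets
import string

# Constructed parameters for this walkthrough. Real managers use far more
# PBKDF2 iterations or a memory-hard KDF such as Argon2.
KDF_ITERATIONS = 100_000
NONCE_LEN = 16
TAG_LEN = 32


def generate_password(length: int = 24) -> str:
    """A long, random, per-site password of the kind the manager fills in for you."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def derive_keys(master_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Runs on the user's device only.

    vault_key never leaves the device. login_hash is what the server stores
    and checks; it is one more one-way step away from vault_key, so the
    server cannot turn it back into the decryption key.
    """
    vault_key = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, KDF_ITERATIONS, dklen=32)
    login_hash = hashlib.pbkdf2_hmac("sha256", vault_key, salt, 1, dklen=32)
    return vault_key, login_hash


def _subkeys(vault_key: bytes) -> tuple[bytes, bytes]:
    # Separate encryption and MAC keys, both derived from the vault key.
    enc_key = hmac.new(vault_key, b"vault-enc", hashlib.sha256).digest()
    mac_key = hmac.new(vault_key, b"vault-mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stdlib stand-in for AES; a real client
    # would use AES-GCM or XChaCha20-Poly1305 from a vetted library.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_vault(vault_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag. This blob is all the server ever holds."""
    enc_key, mac_key = _subkeys(vault_key)
    nonce = os.urandom(NONCE_LEN)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_vault(vault_key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(vault_key)
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # Wrong vault key or a modified blob: fail closed, reveal nothing.
        raise ValueError("vault integrity check failed")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


class VaultServer:
    """Hypothetical server side. Stores only salt, login_hash and the encrypted
    blob per user; it never receives the master password or vault_key."""

    def __init__(self) -> None:
        self.accounts: dict[str, dict[str, bytes]] = {}

    def register(self, user: str, salt: bytes, login_hash: bytes, blob: bytes) -> None:
        self.accounts[user] = {"salt": salt, "login_hash": login_hash, "blob": blob}

    def salt_for(self, user: str) -> bytes:
        return self.accounts[user]["salt"]

    def fetch_vault(self, user: str, login_hash: bytes) -> bytes:
        if not hmac.compare_digest(self.accounts[user]["login_hash"], login_hash):
            raise PermissionError("login hash mismatch")
        return self.accounts[user]["blob"]


def client_signup(server: VaultServer, user: str, master_password: str, entries: dict) -> None:
    """Device-side: derive keys, encrypt the vault, upload only salt, login hash and blob."""
    salt = os.urandom(16)
    vault_key, login_hash = derive_keys(master_password, salt)
    server.register(user, salt, login_hash, encrypt_vault(vault_key, json.dumps(entries).encode()))


def client_open_vault(server: VaultServer, user: str, master_password: str) -> dict:
    """Device-side: re-derive keys from the master password, fetch the blob, decrypt locally."""
    salt = server.salt_for(user)
    vault_key, login_hash = derive_keys(master_password, salt)
    return json.loads(decrypt_vault(vault_key, server.fetch_vault(user, login_hash)))


def stored_blob_contains(server: VaultServer, user: str, secret: str) -> bool:
    """Breach check: does the server-side copy expose a site password in the clear?"""
    return secret.encode() in server.accounts[user]["blob"]
```

Run `client_signup` with a constructed master password and a vault of `generate_password()` entries, then `client_open_vault` with the same password to get the entries back; `stored_blob_contains` is the check that a copy of the server database does not carry any site password in readable form, and a wrong master password is rejected at the login-hash comparison before any decryption is attempted.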

    • PermaculturalMarxist [they/them]
      4 years ago

      The entire point of a password manager is that they store the passwords securely. This isn't like putting passwords in an Excel spreadsheet in Google Drive; they use top-tier hashing techniques to encrypt your passwords. The point is that by not using one, you are probably more susceptible to having your accounts compromised because you either re-use passwords, have easily remembered passwords (i.e., not long or random enough), and/or have them written down somewhere where they can be retrieved. In any of these cases, you would be better off with a password manager than not. It's not perfect, but there is no perfect when it comes to cybersecurity, only better.