duhe

Need

I have been using LastPass for a while, but I just want to give a warning about the password to Lastpass: Make sure you remember it. I remember mine because I type it to log in every day. But I set one up for my wife where she just left it logged in on her laptop browser. It was fine until the laptop dies... I put in a hint that was so cryptic that I can't even figured out what it was. And you cannot recover the password unless you have a browser that was used to connected to Lastpass, and her computer died. It doesn't matter if you have control of the email that registered with the account, you won't be able to recover the password. We were lucky because I finally able to find the password that I have stored on my computer.. took lots of digging. I think if you have a paid account, you could set up a recovery method or something, but you have to do it ahead of the time.

LIH Prem

Can't you just store the wife's password as one of your passwords in your lastpass data?

-David

678flyer

I have been happy with Bitwarden, plus it's free.

STVA

I have a Keepass file that I manage on my computer, store on two different cloud services, and download to my phone. I get all the benefits of password security without being tied to a service/fees.

The main downsides are that there is some manual uploading/downloading of the file, and that passwords don't get automatically entered in my browser.

GregLeg

I do something similar. I use KeePass and sync my encrypted file to my Google Drive. I feel pretty confident about the security of my Drive (very strong password, and 2FA is set up with a YubiKey). Even in the unlikely event of a breach, the KeePass file itself is encrypted (with another, and very different) strong password.

jamcoley

Same here. Plus, it's open source.

Lussac

1Password for me too. Customer service/support is very responsive and first class, I've been a user for several years now mainly with Imac, MacBook Pro, iPhone and Android tablet.

antichef

I have an envelope sealed in a safe with the necessary details stored in case I croak it, and my executor who will need it has the safe details.

rufflesinc

If you have 2FA for an account, what additional security is provided by using a password manager?
how do you manage password managers on multiple devices

Igene

Most sync via the cloud

gfunkdave

Password managers make it trivially easy to use a unique random password on each website. That way people can't use a password from your account on a compromised website, on a new website where you may have used the same password (as most people do). Therefore they won't even get as far as getting a MFA prompt.

Multiple devices depends on the password manager. If you use something like the Apple password manager it will work seamlessly on iPad/iPhone/Mac but nowhere else. Chrome's password manager works only on Chrome. But other third party ones (1Password, Lastpass, Keepass, Bitwarden etc) also work seamlessly when you install them. I use 1Password on my iDevices with the 1Password app, and on Chrome with the Chrome extension.

Igene

I'm a solid 1Password user.. I've tried them all.

I did look at Dashlane, their attachment implementation is horrible. In 1Password, I can create an entry for my Passport, with all fields and I can actually link an image of my actual passport to that same record, such a novel concept! Dashlane keeps documents in their own section.

Bitwarden looks like Windows 3.1, horrible UI and requires a paid sub for attachments, so at that point you lose the "it's free" data point
Bitwarden does not support passkeys on mobile devices
Bitwarden does not support password auditing in the app, only on website. Checks for dupes, weak passwords, lists sites that can use 2FA and passkeys
LastPass is a security nightmare

I'll add.. since this is a forum for travelers, 1Password includes unique vaults that can be put in a "travel mode" so they will not appear in your 1Password app.. if you were to have sensitive material, you could put them in one of these vaults to avoid inspection. I've never been too concerned, but I do keep a vault for my business and my mother's details. They are not accessible on my phone when traveling. if I need them, I can use a browser and re-enable them when I am at my destination. Bitwarden does not have this functionality

I don't mind paying for a service that works for me, hands down 1Password is my best solution.

Igene

Same..

I use the 1Password emergency kit, as you, in a sealed envelope in a safe.

StuckInYYZ

So 2FA/MFA is just a component as is a password manager. Depending on if you are a target and the resources the attacker has/needs, 2FA can be rendered ineffective. For example, someone can clone your phone (if the site uses SMS as the MFA authentication) or maybe access your email (another popular MFA authentication method). Having a longer (randomly generated) password for each site provides a time benefit for you especially if your MFA token has been compromised. Depending on your password manager, you can also control the level of encryption you desire (eg, KeePass allows you to have a master password + keyfile + windows login... overkill yes, but it's there)

Many web-based password managers sync via cloud. Personally I use KeePass which is not (by default) web-enabled. I manually sync my password whenever I make a significantly change in the DB (this also encourages me to make backups). But I also do this out of paranoia as a breach of the PW manager site is virtually impossible (cloud based say that their DBs can't be breached but you never know).

While travelling internationally, I usually put my password DB into an encrypted container (also contains scans of my passport and other documents) that doesn't have an extension so it's much harder to find and extract. I can also put this encrypted file in one of the cloud storage providers (like OneDrive or Drive or whoever) or copy it off of my home computer once I am at my destination if need be without worrying.