Use the “passwords” feature to check if one of yours is compromised. If it shows up, never ever reuse those credentials. They’ll be baked into thousands of botnets etc. and be forevermore part of automated break-in attempts until one randomly succeeds.
For me, if this happens, it has no impact since almost every page i sign up to has a unique password. The most important ones has mfa as well.
Use a password manager. Simple.
Same, but I do have some level of worry regarding portability. My solution isn’t local or self hosted, as I was looking for easy and works across Linux/Windows/Mac/Android/iOS. I do not look forward to needing to change to a new password manager in the future, but given the way everything seems to be going it seems likely that I’ll have to at some point.
It takes a little more effort to setup, but the alternative to syncing a local keystore db like KeePassXC would be vaultwarden, which is a self hosted open source Bitwarden server that gives you all the features of Bitwarden and has full compatibility with all the clients.
Spinning it up is actually very easy, you just have to decide if you want to integrate SSL via a reverse proxy setup or just use the builtin webserver for HTTPS.
KeePass and syncthing. I use Keepass2 on a Linux desktop and laptop, KeePassDX on Android, and use syncthing to keep everything synchronized and up to date, also using an old raspberry pi to act as a central server for syncthing.
Modifying the database on one device seamlessly updates the other devices once they’re visible on the network, everything works beautifully and is very easy to set up on a local network.
Pretty much default configuration all the way around, just gotta make sure syncthing starts on boot. Just did a brief search, syncthing seems to have a MacOS fork, and iOS will need Möbius Sync, which is paid but the free tier offers 20MB storage sync which is overkill for KeePass.
Right answer. In fact, the only viable answer.
I think its almost a crime that browsers havent evolved to make users generate unique, secure passwords by default. Its just another huge sign that these browser companies dont care about security or privacy, despite their marketing departement rabbling those words.
I dont think there has been any evolution at all in this area. Browsers can save passwords but they dont help the user generate secure, unique ones, and dont encourage users to have separate accounts. Instead the web is trying to make users use something like Google or Facebook logins, so they are completely dependent on those tech companies.
Firefox generates random passwords for you by default. You have to disable it in the settings if you want to use another password manager besides Firefox’s built in one.
You can right click any password field in Chrome and the first option is “generate random password”.
2 Issues are the they (1) it is unreadable by humans instead of being a passphrase, and (2) The generator does not read any rules off the page so you might have to add a special character.
But the functionality has existed for over a decade
@Rooster326 @1984 it also asks if you would like to generate a secure password, rather than it just being on right-click, in most “new password” fields.
Google password manager also warns you if you have duplicated passwords saved in it and prompts you to create new, unique ones.
I don’t like Google but they do ok with password management I think.