Android

I'm trying out Bitwarden after moving to a Sony phone (my Samsungs came with their inbuilt password manager) however it keeps asking for a master password all the time. Is that normal?

I'm probably an ignorant paranoid about them, I know I should google a bit of them, but instead I'm going for the ol' trusty ask the community.

Do they save your passwords locally or in the cloud? If locally, what if I want to sign in in another device? What if I lose the device I have my passwords on? What if they hack my device? If in the cloud: How can I know the service is not stealing my information? If I can access it anywhere, wouldn't that mean it also needs a password? Wouldn't that make it twice as unsafe as it would only take one password to access the rest?

Edit: Damn, I got extremely useful answers, I'm starting to like lemmy!

Using Google' Pass Manager, it's really good sync across your devices if logged in with your Google account. It's not that good that it's embedded inside Chrome app on Android, it's might be much better if there's a dedicated client.

What's wrong with dashlane? Been using it for years, really don't want to take the effort to move to bitwarden or whatever the flavor of the month is...

I use Bitwarden!

I like that I can share password with my team. :)

I use EnPass since it came out. Bought the lifetime license back when it cost about 8€.

Lastpass for like, a decade. I can't understand how anyone can not use one.

Bitwarden all the way. Self hosted too.

However, I really wish they would steal the look and feel and custom document types they do over at 1Password. I moved from 1Password to Bitwarden a while ago but really miss the sexy look and feel of 1Password. Bitwarden is very "linux-y"

I dont use password managers.

I just use a set of random words + random numbers, usually something related to the website, the time period (like major global events), maybe just the mood I'm in when I created the password.

Example: For Lemmy, I might use IslandMazeMouse0216 (I do not use the password btw, never used this before and now never will, don't try hacking me lol)

"Island" because the fediverse is like a bunch of islands, that formed together into one fediverse, "Maze" because this shit is confusing, and "Mouse" because the Lemmy logo looks like a mouse, 0216 because of June 12, the day the protest began, 0612, but reversed, but not reversing the 0, so 0 216.

Now I feel dumb for explaining, but also want to hear opinions.

But you see, it doesn't matter. Most websites have login limits so you can't really brute force the password. I just hate "password managers", if I were getting old, I'll probably just put my passwords inside a Standard Notes note, or just put it in a txt and use 7Z AES256 and upload it to a few cloud services.

For offline passwords, like a Windows Veracrypt encryption password, I use 5-8 random words with 5-7 random numbers and increasing the PIM.

For mobile, I use like 16-25 digits numerical pin, alphanumeric passwords are just too hard to type. I've been experimenting with long alphanumeric password + biometric, or a pin, and honestly idk which is better. I don't want someone accessing my phone while I'm sleeping, I might forget to turn off biometrics before I sleep.

I'm not gonna encourage everyone to do what I do, I am not a security expert, just some dude on the internet, but I just want to share how I deal with passwords. Feel free to criticize any flaws. 😅