I use the password manager Bitwarden, but Proton Pass is looking kinda nice.

Open sourced password manager + open source 2fa wherever available. For password managers many will suggest Bitwarden & i recommend that to my family for its ease of use, though I personally use Keepass (because it allows me to store multiple documents & have them readily available offline. Its not as straightforward to set up sync compared to Bitwarden, which does it by default).

I would never allow a browser to store any information such as passwords, credit card info etc

On mobile I use password in conjunction with biometrics. Sensitive apps are only ever stored inside secure folder which has no biometric access & has a different password to main area of phone.

I absolutely refuse to use google/apple/samsung pay.

Please consider password manager, once you wrap your head around not knowing any of your passwords except the strong master password it becomes second nature. Get out of the pen & paper habit!

Top tip. For any new signup, once you've generated a strong password make a note within the password manager of the email address you used to sign up with (yep, get used to using multiple email accounts). When that site inevitability suffers a data breach it makes life easier when they send the change of password verification email

I write my passwords down using a diamond-point scriber on a tablet of solid gold, which I keep in a secure location.

Online accounts can't be bruteforced

I'm sorry, but that's just wrong.

Majority of sites have awful security practices, not to mention massive breaches.

Get yourself either a password manager (Bitwarden is the best), or something like Yubikey + unique sentences.

Biometrics do not provide security, they're purely for convenience.

I run my own instance of vaultwarden (100% compatible fork of bitwarden) and use the standard bitwarden client on Android and browser plugin in Firefox. My master password is really long and I use 16 character passwords as standard in BW. I have biometric set up for my phone just to make it a bit less hassle.

Edit: and I set up MFA wherever possible with a yubikey

This may be a dumb question and I see here as well as elsewhere that a password manager is the best option. What makes a password manager safer than managing passwords yourself? I see the efficiency and ease of us aspects, but I’m less clear on the security portion. Thank you!

Been on bitwarden a few years now. It's great

I'm using keepass on pc and Keepass2android offline on mobile. Protected only with a big password (you can memorize it ~however long it is, as long as you sit 15mins to learn it and use it from time to time). I try to use long random passwords (made by me). I haven't uploaded my database anywhere online. I might have printed it though.🙃

For only a few logins, I've saved them on my browser.

Keepass xc and optionally syncthing

Would strongly recommend a password manager. I use bitwarden, you can use self host it or not. If you don't like bitwarden there are plenty of free options. Random password generation and sync is going to be a better practice than much else I can think of, so I'd encourage you to go for it! 😬

I have been a paying costumer for bitwarden for couple years, but now I am planning to switch to proton pass soon. $1 for unlimited email alias is simply too good.

Been using passwordstore.org for like 12 years I think

Bitwarden for my personal stuff, KeePass for work (like to keep everything separated). Biometrics on devices that support it. I used to do what you did, and then Facebook got hacked and all my other online accounts fell like a house of cards, found out when my friend texted me asking WTF was going on and why was I posting links to porn sites everywhere. So, password manager and strong passwords for all the things. MFA is something that needs to become more common as well.

Self-hosted bitwarden instance with 2FA enforced through hardware key. pretty nice and relies on having the password and the hardware key.

KeePass, synced to my VPS. The key file on exists on my phone+tablet+laptops. Its biometrically authenticated on the phone+tablet - unfortunately, its just password-protected on the Debian laptop. The VPS is automatically backed-up to a completely different cloud service every other night. In the case of catastrophe on the VPS, there'd be cached copies of the vault on my devices and I can fairly easily retrieve a timestamped copy from the cloud server.

I also use a 2FA autheticator app on the phone+tablet. Its similarly biomentrically authenticated and backed-up to the VPS/Cloud.

I used a similar password method myself, but I did find many of my accounts getting hacked still. Unfortunately many online accounts can be brute forced, and using any combination of words and numbers makes for an easy dictionary attack.

I now use a password manager that I trust (1password), and a long hard to remember master password.

I do use biometrics when available, for the ease of use.

I only pay for 2 subscriptions: 1Password for families (and Spotify)

I have 236 logins... No way I'm gonna create secure and memorable passwords for that many sites.

I use 1Password on Linux and Android.

I manage my passwords with Bitwarden and Authy for 2FA. Another good option, is to use KeepasXC with Symcthing to have the passwords both on the pc and smartphone

Local GPG key pair + https://www.passwordstore.org/ synced peer-to-peer between devices via https://syncthing.net/

So the key is always local but the password database is being synced between devices.

pass on its own is great already (it's basically just GPG encrypted text files with a good CLI frontend) but I make it even greater by using a slightly modified "passmenu" script which utilizes wofi (rofi for wayland) in dmenu mode to show a very fast popup of all your sites you have passwords stored for and by selecting it / pressing enter the pw gets copied into the clipboard.

Lastpass for like 10+ years. I don't know how anyone can have any level of security without a manager. I have hundreds of passwords, all unique, and I never have to remember any of them.