There are three kinds of people with respect to online password management:
- People who largely use variations of the same password, arbitrarily changing them for different websites. Sometimes these people will get their act together and create some kind of unifying principle, but this is largely short-lived. While there is no central point of failure, these people are vulnerable to password leaks: a breach at one site exposes the variants used everywhere else. In addition, they constantly experience a low level of anxiety about remembering their passwords and often need to reset them.
- People who use a password manager. These people are locked in to a particular vendor, have a central point of failure, and are exposed to price hikes.
- Cryptoheads. For these people, privacy is a core part of their identity. They are very willing to lovingly craft password management systems, memorize 50-character secrets, carry around hardware wallets, etc.
Ideally we could combine the following features:
- Easy to migrate off
- Open Source
- No central point of failure
The last one is the hardest to achieve, and the cryptoheads are the most likely to get that right. The ideal solution probably doesn’t exist yet, but if it does, it is probably the most user-friendly tool trusted by cryptoheads.
- Bitwarden: As far as I can tell, the best of the bunch. It's open source, generally receives great reviews on Hacker News, and you can even self-host it.
- Keepass: Great mobile apps, and you can use cloud-based file-syncing software to distribute.
- Apple Keychain: Initially seemed great for people in the Apple ecosystem, but Chrome dropped support, and you have to use a paid extension.