Use the "passwords" feature to check if one of yours is compromised. If it shows up, never ever reuse those credentials. They'll be baked into thousands of botnets etc. and be forevermore part of automated break-in attempts until one randomly succeeds.
For me, if this happens, it has no impact since almost every page i sign up to has a unique password. The most important ones has mfa as well.
Use a password manager. Simple.
Same, but I do have some level of worry regarding portability. My solution isn't local or self hosted, as I was looking for easy and works across Linux/Windows/Mac/Android/iOS. I do not look forward to needing to change to a new password manager in the future, but given the way everything seems to be going it seems likely that I'll have to at some point.
It takes a little more effort to setup, but the alternative to syncing a local keystore db like KeePassXC would be vaultwarden, which is a self hosted open source Bitwarden server that gives you all the features of Bitwarden and has full compatibility with all the clients.
Spinning it up is actually very easy, you just have to decide if you want to integrate SSL via a reverse proxy setup or just use the builtin webserver for HTTPS.
KeePass and syncthing. I use Keepass2 on a Linux desktop and laptop, KeePassDX on Android, and use syncthing to keep everything synchronized and up to date, also using an old raspberry pi to act as a central server for syncthing.
Modifying the database on one device seamlessly updates the other devices once they're visible on the network, everything works beautifully and is very easy to set up on a local network.
Pretty much default configuration all the way around, just gotta make sure syncthing starts on boot. Just did a brief search, syncthing seems to have a MacOS fork, and iOS will need Möbius Sync, which is paid but the free tier offers 20MB storage sync which is overkill for KeePass.
1Password and Bitwarden both work across multiple devices, os's and browsers. Work uses 1Password which i have on work computer and work phone. i use bitwarden across home desktop, laptop, phone, homelab, testing phones
I use a password manager in my personal life but my job doesn't allow it so I have to keep the 10 or so passwords I have for various vendor sites in my notes. All my passwords are the same thing with slight variations to meet the different asinine password policies the different sites use. It's fucking stupid but I don't care if they're not going to give me a good way to keep all this shit straight.
Totally fair. I also dont care if company blocks things i need to do it right.
How unique do passwords have to be in order to be considered safe? If they follow a pattern are they still safe or do these bots try alterations to the leaked passwords as well?
Like if your password to Reddit was reddit1234 and your password to Google was google1234, if the Reddit password leaked is your Google one still okay?
Probably not if it's a human but bots shouldn't be able to figure that out ya?
They are completely random strings for each site, so having one will not help crack the other.
But if people pick their own passwords, it tends to be some word like you wrote, and then a hacker could try and crack the others by guessing similar words.
That would be great if I only used one browser on one device with one operating system. Between my work laptop, my Macbook, my phone, and my gaming PC nothing syncs and it's very difficult to share storage between all of them.
You can install bitwarden on all those devices. Maybe im not fully understanding...
I also dont use just one computer and platform.
Yeah, just tell your work IT staff that you need admin rights to your workstation so you can "install the software you want to" (that they don't supply or support or update).
See how well that works. /s
Ah right. Sorry, I just always used Linux with admin rights since I work in IT.
Didn't mean to offend you (or anyone else).
I work in IT too (Windows) and have admin rights on my workstation. Even though I have the power to install any software, it's against policy to do so (and technically that's a good policy).
Also, I don't like the idea of anyone/anything but me having my passwords. I go with 2FA if something is important/certified based 2FA if it's really important.
I share my Bitwarden account among 4 browser profiles on 2 PC-s.
I don't think anyone just uses one device anymore, pretty sure there are workarounds.