One person even told me they were upset that websites wouldn't tell you password requirements after you create your account,

To be fair, that is super fucking annoying. I hate when I tell bitwarden to save my password only to have the site come back with it being too long and only some special characters are allowed.

people who use a password manager but store the master password on Discord

??????????

My sell on password managers is quality of life. You never have to reset your passwords and you can use a hotkey to enter it faster than typing. Gone are the days of fat fingers.

But I get where people have an issue. It's one point of failure vs. many, but they don't realize It's easier to well secure the one than it is to not spread the same vulnerability everywhere.

I tell non techy people to use a physical book that they can secure. People know how to do hide things or put them in a safe. Digital security is harder to understand and I would say a book in a safe place is way better than reusing passwords they find hard to remember.

In my experience preaching this same thing to many users at work and just personal friends, they won't change their ways. Because "omg not another password to remember" and "that's too much work to login just to get a password".

I've just stopped trying to educate people at this point. That's on them when their info gets leaked or accounts drained.

I'd be open to using a pw manager then I read the comments here and everyone is suggesting different apps, arguing over how inconvenient one or the other it, various issues, etc. It doesn't make me feel like taking action if everything feels sketchy.

Been using 1Password for 6+ years and I probably won’t use anything else ever. My wife and I both use it and have a shared family vault for things we both use. I couldn’t live without a password manager.

I was in the US Air Force for 20 years, working as an IT guy, and our computers were so locked down, you couldn't use password managers at work. Nor were you allowed to bring them in.

Almost every office I worked in was secured; no removable electronic devices allowed. No cell phones, no flash drives or removable drives. Heck, CDs were a controlled item. You had to check with a security manager for approval before bringing in a music CD, and and data CDs required a log of their use and physical control by a trusted agent.

Plus, the computers themselves had a custom-configured OS and you couldn't install any software on them that wasn't on a pre-approved list. Half the time, normal users needed to talk to an admin like me to install something, and I might not even have the rights at my level to do it.

I didn't get to mess around with password managers until I retired a couple years ago, and they've been a game changer! In the military, we needed unique complex passwords for everything, can't reuse passwords, can't write down passwords, and you had to change them every 60 days.

Having a password manager makes my personal accounts so much more secure. I can have super complex passwords for everything and not need to remember them. I currently have Proton Pass (been de-Googling my life and switching all my stuff over to Proton lately) and it's been wonderful.

I don't know why the military doesn't get some sort of password manager approved for use. This is far more secure than what they've been doing in the past. I had 3 standard password templates, then made minor changes to them for every unique account. If they got too complex, I'd forget them (and again, we weren't allowed to write them down). Now I can just auto-generate a 25+ character complex password and I don't even need to remember it. I love it!

It is truly upsetting to see how complicated for use password managers are.

I grow up around computers and I can barely mange them. Other people just don't understand how to use them, it is complicated and inconvenient. Even after I set them up and show them multiple times, friends don't manage.

In browser password managers cover 90%, but I guess web sites and apps need to start testing UX for password managers. Some of them introduce stupid flows that brake all of them.

Android is complete shit show.

It is not users, but applications and UX that doesn't care about security.

Personally, I use PassWord123! for everything. It says its a strong and secure password so why wouldn't I use it for everything?

I have the need to have different accounts to everything. Hate to perform the sign up process over and over again. They really need to standardize this.

Passkeys is one step forward but far from enough.

I hate the idea of having to login again and again with just a minute interval that I see BankID requires as it is for different things. Like I constantly have to prove it is still me here. BankID is the app in my country that gives you access to your Bank account, government stuff and so on. It connects to your personal number and ID you in real life.

So the issues you describe is just the result of how bad designed the web is today. It is simple for every company but hard for the user.

My dad somehow believes that that password managers are very insecure ( he got that from some sort of 'reputable source', so me telling him bitwarden is secure doesn't help) and he just writes down all of his completely randomly generated passwords in a notebook, which always seems really inefficient to me, especially when he writes a character down incorrectly.

Been using Bitwarden for a couple years now…

No regrets

Using 2FA on all accounts that offer it is just as important. And make sure to use a good, open-source TOTP client like Aegis on Android or Tofu on iOS.

Definitely make sure to backup your seeds in an encrypted format (e.g. Veracrypt container or GPG-encrypted files). If you lose your seeds, you lose access to your accounts.
I like to use the automatic backup feature in Aegis, which syncs my encrypted vault to my Nextcloud server. You can also enable compatibility with Android's backup API and use that if your ROM includes a backup solution like Seedvault.