by Spivak 1662 days ago
Bitwarden is my go-to. If you're the self-hosting type, bitwarden_rs (now vaultwarden) is free and easy to set up. If not, BW's cloud hosting is also fine. Vaults work offline just fine, apps on every major platform, biometric unlock if you care about such things, and autofill on browsers/iOS/Android. And they have a snazzy officially supported CLI tool.
1 comments

And if you pay $10/year, it has 2FA as well. And you can add notes and such. It's definitely worth using (and paying imo).
Wait so it lets you store your 2FA secrets and your password in the same place? That sounds counterintuitive.
It's super useful for a few sites I visit frequently that require 2FA but where I don't need that security. But yeah, otherwise it's a pretty remarkably bad idea.
When you sign in to a website from your phone using a saved password and use that same phone for 2FA, it's pretty much the same thing.

The whole meme that saving the 2FA seed to password managers is a bad idea needs to die. Most of the advantages of 2FA are still present when using a password manager.

It's the other way around. Literally all of the advantages of using 2FA are not present when you store both factors together.
You are wrong. The primary advantage of 2FA is the OTP part, which wards against keyloggers and password reuse.