by unaindz 1279 days ago
The threat model of storing passwords in an encrypted file with live sync is gonna be smaller than only keeping it on one device. Yeah, you are at more risk of getting pwnd, but at almost no risk of losing your passwords. Your phone dies and you lose everything. And if you send your passfile through a convenient service like WhatsApp or Telegram, you risk your data also getting leaked through them, without the benefit of live sync.

But doing password saving and live sync through a third-party service is pretty crazy to me. Why not split the threat? One program to store your passwords and one service to sync them. I use keepass2android and keepassxc with my own file sync server as the sync method. If you don't want your own server, you can use a multitude of third-party ones.

What should be taught in school is to store your passwords in a secure way, just like any other important real-life skill like doing your taxes, basic eating and physical health, etc.

1 comment

The trouble is that losing a phone is probably just as common as or more common than getting hacked, and keepass sync is purely manual.

I suspect the most secure way to store passwords is in your Google account, because they have a far higher budget than almost anyone else. They will spy on you, but they also keep random hackers out.

I use BitWarden (with gmail as the 2FA) instead because I wanted the ability to try different browsers, and I like being able to store other bits of critical info in my vault.

You generally can't get hacked on anything important unless you already lost your phone, even if they have your password, because of 2FA.

You also don't lose your account if you lose your phone if you use SMS 2FA, like most people do, even though it's not perfectly secure, because your cell carrier can recover your number.