
I too don't have time to worry about this kind of attack, which is why I don't use web-based password managers. I just use KeePassX and copy/paste.

I don't have time to really think about all this complexity and what it means for my security. So I just avoid it entirely.



This logic sounds like "I've heard that if your car falls in a river, wearing a seat belt makes it harder for you to get out. I don't have time to worry about whether that's a real problem, so I just don't wear my seat belt. Too much complexity."


Not at all. This person is choosing not to accept additional risk, and is engaging in strong mitigation by using an offline password manager.


Plus there's nothing preventing you from using your favorite sync client (e.g. Dropbox) to get the same "cloud" functionality.


ding ding ding.

I use a few different versions of keepass on two laptops and an android, and they all share a keyfile through dropbox. I get most of the same functionality that my wife does through LastPass. It's convenient enough that I don't see any reason to migrate to LastPass, despite their much more polished user experience.


> more polished user experience

I'm forced to use LastPass at work, and personally find KeePass to be a much better user experience.


KeePass is more secure than LastPass, not less. I've tried a couple different password managers, but always come back to KeePassXC with a simple auto-type workflow. My reasons:

A. The auto-fill extensions don't work on enough sites to make it annoying (maybe ~20%). Auto-type is a more consistent workflow for me.

B. Lastpass (and friends) browser extension doesn't do anything for desktop apps, SSH sessions, or anything outside the browser. You have to copy and paste one at a time.

C. I like all my passwords to be a particular format because it frequently happens that I have to type them in manually (Phone, vCenter console, BIOS, etc.) and I just like that to be easy. (I use 5 groups of 4 lower case separated by periods, with one number and one upper case letter in the last group. Still very strong but also manageable to type into an iPhone).

D. I like to record more than just passwords (the email I used, answers to security questions (always random, but legit looking), bank and credit card details, stuff like that). The KeePass UI for keeping those kinds of notes is just so much cleaner, simpler, and better than anything else.

E. KeePassXC has first class support for Yubikeys.


This strategy makes you more susceptible to phishing, which is a much more common attack and requires vigilance to avoid. I think the reduced phishing vulnerability for browser extensions is worth it.


>This strategy makes you more susceptible to phishing

One mitigation is to use Firefox account containers.

If I navigate to what claims to be Bank of America, but the tab doesn't open in my "Banking" container, that's a huge red flag.

Also, as another poster mentioned, LastPass sometimes fails to autofill. Unless a manager can achieve 100% error-free operation (unlikely), even autofill managers will still have a risk of phishing.

I don't think there's one correct answer. For me, as an expert who's confident about my security posture (2FA, verbal passwords for vendors that can reset 2FA, backup codes stored securely offsite), I value the simplicity of Keepass.


I use KeePass too, great little program. It isn't as "mobile" but I don't really see the benefits of online solutions. It certainly isn't added security.

The website of the service in question also suffers from severe JS errors on their page (FF 66).


KeePass here too. On Android, it is absolutely terrible paired with Dropbox. I'm not sure who to blame, but the database will not stay up-to-date and I have to click and re-open my key file _every_time_. On a fresh install, it stays good for several months, then it will get out of sync and I'm not sure how to get it back in sync.


The Android (and iPhone) apps have always been more trouble than they're worth, IMO.

I always manage my passwords on my computers, and type in on phones as needed. Simpler and just works.

To ease the pain of typing passwords, I always follow a consistent format that's easier. Example:

7,#/T8z%FS%zht6S

ctaq.zwjd.qnbu.ut1A

The first one is terrible to type on a little Android keyboard whereas the second is a breeze, and still perfectly respectable as far as password strength goes.
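The format described in this post and in the earlier "5 groups of 4 lower case" comment, as an added example that is not code from anyone in the thread: a generator that uses the `secrets` module for cryptographically secure choices, a format checker, and an entropy calculation so the "still perfectly respectable" claim can be compared against a random 16-character printable-ASCII password. Group count and group length are parameters; the thread's second sample uses 4 groups, the earlier comment 5.

```python
import math
import secrets
import string

LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits


def typeable_password(groups: int = 5, group_len: int = 4) -> str:
    """Groups of lowercase letters joined by periods; the last group carries
    exactly one digit and one uppercase letter at random positions."""
    parts = ["".join(secrets.choice(LOWER) for _ in range(group_len))
             for _ in range(groups - 1)]
    last = [secrets.choice(LOWER) for _ in range(group_len)]
    # two distinct slots in the last group, drawn from the OS CSPRNG
    digit_pos, upper_pos = secrets.SystemRandom().sample(range(group_len), 2)
    last[digit_pos] = secrets.choice(DIGITS)
    last[upper_pos] = secrets.choice(UPPER)
    parts.append("".join(last))
    return ".".join(parts)


def format_entropy_bits(groups: int = 5, group_len: int = 4) -> float:
    """Entropy of the format under uniform choices (the periods are fixed)."""
    n_lower = groups * group_len - 2               # all letters except digit + capital
    slot_choices = group_len * (group_len - 1)     # ordered pair of distinct slots
    return (n_lower * math.log2(26) + math.log2(10)
            + math.log2(26) + math.log2(slot_choices))


def printable_entropy_bits(length: int) -> float:
    """Entropy of `length` characters drawn uniformly from 94 printable ASCII chars."""
    return length * math.log2(94)


def matches_format(pw: str, groups: int = 5, group_len: int = 4) -> bool:
    """True if `pw` follows the thread's format with the given dimensions."""
    parts = pw.split(".")
    if len(parts) != groups or any(len(p) != group_len for p in parts):
        return False
    if not all(p.isascii() and p.isalpha() and p.islower() for p in parts[:-1]):
        return False
    last = parts[-1]
    return (last.isascii() and last.isalnum()
            and sum(c.isdigit() for c in last) == 1
            and sum(c.isupper() for c in last) == 1
            and sum(c.islower() for c in last) == group_len - 2)
```

With 5 groups the format carries about 96 bits versus about 105 bits for the 16-character random string; the 4-group variant shown in the post is about 77 bits.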


It works perfectly for me (Keepass2Android). Unfortunately Dropbox limiting syncing to 3 devices will likely make me use something else.


Which Android port are you using? There isn't an official one, so you may have better results trying a different one.


Fair enough. I just noticed down below someone was using keepass2android or similar. I'm using keepassdroid, and I noticed they have an issues page. Filed one. I might investigate bitwarden if I get bored [1]. Thanks btw, it really did not occur to me that there would be other versions.

[1] something that will not likely happen between family, work, and chores around having a large property


FWIW I use KeePass2Android and I sync to my OneDrive. I have no issues with it on Android 9 on a Huawei device running EMUI 9.


I always launch keepassdroid by going into Dropbox and opening the database from there, rather than by launching the app directly.

