In my journey through Linux I have changed my distro, and had to completely reinstall a number of times – three times over in one week in one case, trying to resolve a wake-from-sleep issue. Being able to sign into my browser, MS Edge, and having all my passwords available really simplifies the process of setting up. Obviously I’ve felt secure therefore in telling the computer to just go nuts when suggesting difficult passwords.
However, I was advised on a previous post to use other password software rather than have them on my browser. I am of course concerned that if my passwords are saved to my PC and I have to reinstall or switch again, then bang go my passwords!
KeePass; then you only need to remember your master password, and then save this file to your smartphone as a backup, for example. You can also install KeePass on Android.
Keepassxc or not—
I’m not at a place in my internet journey where I trust a browser extension to fill in the password fields. I cut and paste. With KeePassXC you’d better be fast, since the passwords will only stay in clipboard memory for 5 sec or less.
Will KeePassXC from Flathub be acceptable? Or maybe there’s a primary source which is more recommended…? Over my Linux experience I was told to avoid most install methods for one reason or another, depending largely on the program. Some got sandboxed too heavily, were actually unofficial, or needed extra privileges to work right.
I use KeePassXC (from Arch & Mint/Ubuntu repos) and sync the database using Syncthing. Not one fault in several years (but I dimly remember you had to modify one setting so it never clobbers the database when it’s syncing and open).
I use a self-hosted Vaultwarden instance. It’s compatible with Bitwarden clients, so I can use the web extension and Android app. Of course, the web interface too.
Make sure you have a separate /home partition. The /home partition will not be touched (if you want) during a fresh install.
Other than that a backup of /home is always a good idea.
Nevertheless, I recommend Bitwarden. It saves the password vault in the cloud. This makes it available also on your smartphone or any other device. Many people don’t like that in principle. But Bitwarden is open source, it conducts yearly security audits, and the password vault is encrypted with AES 256-bit on the client before(!) it leaves the client. AES 256-bit is good enough for the NSA to encrypt top secret documents, so I feel this is good for me too. Bitwarden has one key feature which no other password manager has: emergency access. This grants selected people access to your password vault in case you are no longer available. https://bitwarden.com/help/emergency-access/#trusted-emergency-contacts That’s the reason why I picked Bitwarden in the first place.