Use the “passwords” feature to check if one of yours is compromised. If it shows up, never ever reuse those credentials. They’ll be baked into thousands of botnets etc. and be forevermore part of automated break-in attempts until one randomly succeeds.
I’m a big fan of the Keep It Simple (KISS) approach, and went with Password Safe. Works on Linux, Windows, MacOS, iOS, and Android. It’s big thing is it just makes an encrypted password file which then you can sync between devices however you like (Box, Dropbox, etc)
It has an auto-type and copy feature, so no need for browser support. Though, the main criticism of this offering is if you want a ton of features and don’t care about KISS.
Something to keep in mind about not using browser integrations is that you can fall victim to simple keyloggers and clipboard stealers. But using an extension can also be a weakpoint if it autopopulates incorrectly or on a compromised site; but that’s far less common.
But, dear readers, don’t let that dissuade you: even a text file in a veracrypt volume is better than “PurpleElephant1994”
In theory auto-population is way more likely to save you from getting scammed because it won’t do it for a fake site, as the URL doesn’t match. In practice though most people are just going to be annoyed it didn’t work and do it manually anyway before they realize why it didn’t work.
One second, let me just
I would dare say PurpleElephant1994 is already much better than most passwords people have been willingly tell me.
I recently found out a family member’s passwords are things like “1100011”, “1111000” and similar variations. It’s like they’re already using binary to give a helping boost to brute-forcing bots.
Autopopulate is probably less likely to mistake I and l or O and 0 in a fake url though.