Why preach to this choir? I get you, but we also get it.

Using 2FA on all accounts that offer it is just as important. And make sure to use a good, open-source TOTP client like Aegis on Android or Tofu on iOS.

Definitely make sure to backup your seeds in an encrypted format (e.g. Veracrypt container or GPG-encrypted files). If you lose your seeds, you lose access to your accounts.
I like to use the automatic backup feature in Aegis, which syncs my encrypted vault to my Nextcloud server. You can also enable compatibility with Android's backup API and use that if your ROM includes a backup solution like Seedvault.

Whatever solution you think you can come up with is most likely not secure.

Having my passwords written down on a piece of paper is not safe ?

So many folks talking about which software they use, and how they sync it between devices etc.

You all know there are hardware password keepers right? They present to your devices as a usb and/or bluetooth keyboard and just type out the user/password that you select. They have browser plugins to ease the experience. Now your password is not even stored on the device you're using to perform your login and it will work on any modern device even without internet access.

Oh and no subscription fee to cover the costs of cloud infrastructure.

I have a password manager with a family plan so my wife can use it. Does she? Absolutely not. And that's why we don't share bank accounts.

I blame the tinfoil hat infosec crowd for not understanding that the world they inhabit is not the same one Regular Users live in.

Is there risk in keeping all your passwords in one place, whether it's on your hardware or someone else's? hell yes! Is that risk stastically speaking ANYTHING LIKE the risk you take when you use 'pencil' for all your passwords because you can't be arsed to memorize anything more complex? OH HELL YES.

Sure, if you're defending against nation state level agressors, maybe using a password manager isn' the wisest choice, but for easily 99% of computer users, we're at the level of "keeping people from drooling on their shoes". So password managers are probably a GREAT idea.

I don't even understand why I need to make a password for some sites anymore. They send a code to my phone everytime.to make.sure it's me so it seems like there's practically no point.

I've been using Proton Pass and it has been a game changer for me. Hot take: I think Proton Pass is Proton's best service.

It creates not only a unique password for each service but also a unique email address alias. If a website leaks my email address and I get spam, I know exactly who did it and I only need to swap 1 login credential.

Has a built-in 2FA and passkeys. Works great in the browser with proper auto complete, even for the 2FA code. Works fine on Android and password in both browser and applications get autocomplete.

Proton Pass can be used by everyone, regardless of their technical level, in every device. My mom could easily use this across all her devices. I'm told Keepass is fantastic but having it sync across all her devices would be challenging for her.

Most Proton services feel kinda underbaked but Proton Pass is excellent.

I have been using password gestoires for a long time. First LastPass, until I switched to GNU/linux and discovered Keepass and then KeepassXC.... For me they are indispensable. That's the one I used until about 1 year ago when I started having problems with the Firefox addon. It did not recognize the pages. I tried ProtonPass and I like it, but I don't like having them online, no matter how secure the site is. I've tried going back to KeepassXC, locally, but the file I export from ProtonPass won't load in KeepassXC. I feel stuck.

Translated with DeepL.com (free version)

On the plus side, the more people who don't use password managers the more chance us password manager users will remain not worth the effort.

It's kinda like security through obscurity mixed with only having to be faster than the slowest person to outrun a lion.