It’s frustrating watching normies forget their insecure passwords. I’ve almost come to the point of refusing helping people recover accounts of forgotten passwords unless they also let me set up a password manager for them. If I don’t, it invariably ends in them forgetting or misplacing their passwords again.
A password manager is a program that remembers your passwords for you. The main idea is there’s one master password you use to access all your other passwords. If you don’t use a password manager for your passwords, excluding disk encryption, then you’re doing passwords wrong.
To make the best use of a password manager, the master password should be secure and you should keep a backup of your password database. You should also use two-factor authentication. Just create a dedicated password database on a separate device only for TOTP codes. That will make it very difficult for an attacker to break into your accounts.
Be sure to use a free, preferably non-networked password manager like KeepassXC for desktop and KeepassDX for Android. Just don’t use proprietary poo like LastPass. Passage seems like a good option for power users. If you need your passwords synced on multiple devices, you can use a separate file-syncing program like EteSync.
I know exactly what some people are thinking: “I just use the same/similar password for everything. It’s easier!”. If this is you, you need a password manager. Reusing passwords for online accounts is extremely foolish.
Password managers put all your eggs in one secure basket, or two baskets if you’re using TOTP. Password reuse is the opposite. It puts all your eggs in every basket. If even one of the sites you use is compromised, all your accounts are doomed. Don’t assume it won’t happen to you.
Secure your accounts before something happens. Use a password manager.
2: TOTP Security