How-To Geek

Why KeePassXC is the only password manager I trust on Linux

Jordan Gloor

You can't properly, safely store passwords without a password manager, and my choice for that on Linux is KeePassXC. There are many out there, but there's a reason I've stuck with this free and open source option for five years.

In case this is the first time you're hearing about it, KeePassXC is an app for desktop computers that lets you store passwords and other login credentials in a secure "vault," an encrypted database file. The file can be moved and copied between devices but can only be opened if you have the password. You can require other credentials, too, if you want extra security.

It's completely offline

The first and most important quality of KeePassXC is that there's no online connectivity—at least not if you don't want it. You don't have to make an account; you just have to set a password for your vault file.

Since there's no communication with far-off services just to recall my Facebook login, the attack surface for bad actors is far smaller than that of an online password manager account. Not that online services are inherently insecure, but I feel better knowing that, in certain ways, I'm making my passwords even harder to access.

This also makes me virtually impervious to phishing scams that target my password manager. Last month, LastPass users were targeted in phishing campaigns. KeePassXC's developers don't have my email address, so I know that anyone emailing me an alert that my vault file was somehow breached is a fraud.

I can still sync it across devices

Of course, the biggest drawback to an offline password manager is that using it across multiple devices like your PC, phone, and laptop becomes a pain. If you update the vault file with a changed password or new login, you have to send the updated file to all the devices you use.

The solution is to sync it with a cloud service. You can use virtually any syncing tool, though on Linux the ideal choice would be Nextcloud, Dropbox, or Syncthing since those have native apps for Linux.

Personally, I self-host a Nextcloud service on my local network that keeps my vault file up to date across devices. For security, I don't make Nextcloud accessible outside my home. I don't make or change passwords often enough to need to sync an update when I'm out and about.

Many useful features

Despite being so simple, there's a lot you can do with KeePassXC. It can analyze your vault for weak and common passwords so you know to update them. You can set timers on passwords that expire so you can remember to change them. There's browser integration via official extensions, and when you can't or don't want to use an extension, KeePassXC can auto-type passwords for you.

KeePassXC can also be set up as a TOTP app so you can use it to authorize logins that require multi-factor authentication. If you do that, though, I recommend creating a separate vault. After all, the point of MFA is that the password and the secondary means of authentication are somehow separate from each other.

There are compatible mobile apps

The vault files KeePassXC uses can actually be opened with a variety of clients, like the original KeePass application for Windows. On my Android phone, though, I can access my vault with KeePassDX, which has a similar look and feel to KeePassXC but, obviously, with a mobile view. It lets me enter passwords automatically using a special Android keyboard called the "Magikeyboard."

Since, like I said earlier, I sync my vault files over the local network, I can use a password I create on my desktop almost instantly on my Android phone. If, for some reason, I were to switch to an iPhone, there are multiple compatible apps like Strongbox and KeePassium to choose from. They're all developed independently but work with the same vault file and share many of the same features.

No history of breaches

As I touched on earlier, KeePassXC has no history of account breaches. People using KeePassXC can't be breached en masse because there's no central user account system to speak of.

In fact, the only controversy in recent memory was when a Debian maintainer decided to strip out certain functionality to force additional security. That debate was more about software freedom than about any known vulnerabilities.

That relatively clean security history lets me breathe easy. Some other password managers have been plagued with issues. We don't think anyone should use LastPass, for example, because it's become so prone to security failures.


You may not find KeePassXC to fit your needs, and that's OK. You should use the one you trust based on research. For what it's worth, if I ever decided to leave KeePassXC, I'd probably switch to self-hosting a Vaultwarden instance. It lets you use Bitwarden clients while relying on your own private server.
