I recommend using Pass or KeePass, because we can see the source code. But like all these password managers, you need to synchronize your password vault.
If you do not want to synchronize your vault among all your devices, but still want to have a unique password per site, try LessPass[1]. LessPass is a stateless open source password manager.
LessPass seems nice but how about keeping all passwords in a .txt file and password protecting that file?
One benefit of the password-protect-text-file method over LessPass is you can also save answers to so-called "security questions" (for those sites that still use them, like PayPal and government sites).
Alternatively, one can use Schneier's write-down-password-on-a-small-piece-of-paper method.
This method works very well. I have one large text file containing all my credentials, stored in an encrypted VeraCrypt file.
I have all this stored in my Linux box. I back up to my server-side encrypted AWS S3 bucket protected with 2FA. No need for me to sync anything, but if I need access to my VeraCrypt file, I can download it when required.
I've used this method for two decades now, first using OSX .dmg files, then TrueCrypt, now VeraCrypt. Simple, and works well.
I suppose the main pain with this method would be accessing the passwords on other devices. For example, I'd prefer to be able to copy/paste a password on my phone, instead of referring to another computer and typing it in one random character at a time.
https://ss64.com/pass/
Is similar to LessPass but is entirely JavaScript in the browser, so you can save the page and run a local copy completely offline or upload to your own website. There's also a command line version for both bash and PowerShell: https://ss64.com/pass/command-line.html
This is pretty brilliant. My biggest concern is that if my password for a site gets compromised, it gets a lot more complicated. Presumably I'd have to memorize a separate master password for retrieving the new password for that site.
But once you did that it wouldn't be stateless anymore as you'd need to connect to their server every time to check on the state of that site's password. This makes it not that much different from traditional online managers where you have to connect to the site to retrieve the password.
There is still the benefit that the passwords can't be exposed by a compromise of the service. Presumably it doesn't store your master password anywhere, so all they'd get is the site and counter info.
You also have the option to save this profile db locally, or store it yourself manually in a txt file if you really care. That's also necessary if a certain site has password restrictions.
But then you have to remember the counter setting for that website. So it's almost the same problem; I could just add a 1 to the end of my master password for that website.
I've just installed it and haven't yet used it, but as far as I can tell from the docs, the counter is stored as part of the syncable profile for a site.
The profile is also used to store other site-specific attributes, like if it has some weird password rule that requires pure alphanumeric or a specific password length.
No, the counter would be saved by LessPass. Every time you look up the password for that site, it'll already know what the counter is set to for that site.
This blog post[0] shows how LessPass lets you change passwords per site, and get around tricky password requirements.
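The per-site counter and profile discussed in the comments above, as an added example that is not part of the thread and is not LessPass's own code or exact algorithm: a generic stateless derivation in which only the master password is secret and the profile (site, login, counter, length, alphabet) can be synced or written down. The salt layout, iteration count, and field names are assumptions made for this sketch.

```python
import hashlib
import string

ITERATIONS = 100_000  # assumed work factor for this sketch
ALNUM = string.ascii_letters + string.digits  # for "pure alphanumeric" sites

# Constructed sample profile: everything here is non-secret.
SAMPLE_PROFILE = {"site": "example.com", "login": "alice@example.com",
                  "counter": 1, "length": 16, "alphabet": ALNUM}


def derive_password(master, profile):
    """Derive a site password from the master password and a non-secret profile.

    Nothing is stored: the same inputs always yield the same password.
    """
    if not 1 <= profile["length"] <= 32:
        raise ValueError("length must be 1..32 for a 256-bit derived key")
    # Assumed salt layout: site, login and counter bound together.
    salt = "{site}|{login}|{counter:x}".format(**profile).encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                              ITERATIONS, dklen=32)
    n = int.from_bytes(key, "big")
    alphabet = profile["alphabet"]
    chars = []
    for _ in range(profile["length"]):
        # Peel off one character per step from the big integer.
        n, idx = divmod(n, len(alphabet))
        chars.append(alphabet[idx])
    return "".join(chars)


def rotate(profile):
    """Return a copy of the profile with the counter bumped.

    This is the only state that changes when a site password is
    compromised; the master password stays the same.
    """
    bumped = dict(profile)
    bumped["counter"] += 1
    return bumped


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample value
    print("current:", derive_password(master, SAMPLE_PROFILE))
    print("rotated:", derive_password(master, rotate(SAMPLE_PROFILE)))
```

Losing the profile means re-trying counter values by hand, which is why the commenters above talk about storing it in a synced profile or a local text file.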
Not at all. While Masterpassword does not save any passwords but generates them live based on some unique parameters, pass stores passwords and notes encrypted with GPG in a git repository.
The list of differences to LastPass is long.
Pass is open source. Pass doesn't store your information on anybody else's computer by default. Pass has no first-party browser plugin and is therefore not open to attack through browser plugin holes.
On the other hand you control everything by yourself including batch updating your passwords. And there's no online service.
I use KeePass and I only keep the database on my phone. When I need the database on my laptop, I use kdeconnect to share the file, which basically uses sftp with a temporary key.
There is no need to put anything on someone else's computer.
If you do not want to synchronize your vault among all your devices, but still want to have a unique password per site, try LessPass[1]. LessPass is a stateless open source password manager.
Disclaimer: I am the creator of LessPass.
[1] https://lesspass.com/