I use KeePass (Keepass2Android, KeePassXC, OG KeePass, and KeePassium) for everything. Been using KeePass in general for 20-ish years.

Recently, I decided to export all of my passwords from Firefox, Chrome, and Edge, import the data into my KeePass database under their own folders, then delete everything from the browsers. That way I can move entries that weren't already in the database to their respective locations in the database hierarchy, delete duplicates, and change insecure passwords.

The database is hosted on my phones (work and personal), laptop, gaming PC, and a server at home, all synced with Syncthing. My work laptop also has Portable KeePass that accesses the database via WebDAV to my server.

This. And to add to what other commenters have said, by using Bitwarden and paying for their Premium plan (very cheap, just $10/year), even if you don't use all their features, you're supporting a good project. It's critical infrastructure, I think the price is more than fair.
Either way, you should always make periodic backups from any cloud service you use, encrypted of course.

just $10/month year

It never made sense to me to put password managers in the cloud. Regards to what you intend it to do, you’re making it accessible to a wider audience than necessary. And yet, I’m using iCloud. It’s time for a change.

I’m thinking of just running a locally hosted password manager on my home server and letting my devices sync with it somehow when I’m at home. I have a VPN into my home network when I’m away that automatically triggers when I leave the house, so even that’s not that big an issue, but I’m really not familiar with what’s gonna cleanly integrate with all my stuff and be easy to use. All I know is I wanna kill the cloud functionality of my setup.

I already have a jellyfish server so I figured I would just throw this onto that. Any suggestions?

I look at it like this:

• I don't absolutely trust the security of my server. Sure, it hasn't had a breach.....yet, but that possibility is inevitable, given the amount of bots that keep trying to get in by the minute. It's secure, yes, but is it secure enough to entrust the keys to my bank account, my business ventures, et al? IF somebody got the key to my Lemmy account, it would be bothersome, but not cataclysmic since all online accounts are silo'd with only a couple that are linked.
• Bitwarden spent a lot of time and money building a large infrastructure that is, imho, far more secure than my little server. Bitwarden has a pretty good track record. They have had some vulnerabilities, even as recent as '23 but these have been remediated.
• Confirmation bias...I've been using Bitwarden for untold years now and have never had an issue, other than the recent UI theming schema that was so castigated by users that they offered a way to switch back.

While hosting my own password manager would fit right in with the rest of my selfhosting, I think sometimes it's better to defer to more secure options when dealing with highly sensitive data.

Is the data super important to you?

Let someone else host it.

Bitwarden in the cloud.

Edit: Bitwarden paying the monthly/yearly fee to BW. I wasn’t implying trying to host it yourself in the cloud.

Agreed. Unless your setup and security practices is flawless, I think passwords are better managed by specialists paid for it.

If just one or those passwords gets leaked you might find a lot of other ones get cracked as well.

It may not be sites that you care about. But using a password manager is a lot less effort and a lot safer than whatever technique the average Joe will come up with.

Any password that leaks which could indicate a potential system ( e.g.: sitename in lower/upper/leetspeak) makes the whole thing even more vulnerable.

Just use something. Bitwarden, vault warden, keepassxc, ...

Knowing my social circle I'd recommend bitwarden. Even paying for it costs a measly 10$/year, while the free version is very usable in itself. And generating passphrases or 32char passwords will be a lot safer than whatever the hell they can come up with.

Just avoid the default browser ones, big tech and LastPass.

If you've been using passkeys, you'll need to generate new ones when you switch. AFAIK, they aren't exportable from Google or Apple. Which, among other reasons, is why I'll just stick to high-entropy passwords. I've had some sites like Amazon try to sneakily make me register passcodes, I've had to go back and tear them out before they screw me somehow.

Damn, that sounds very interesting! The use of a Keepass DB instead of a new one makes it great to have as option. It's something I hadn't think about for a long time.

I'll check it out later and maybe install it after I restore my server, I'm planning to reduce my attack surface too:)

try to sneakily make me register passcodes

Can you expand on this? I'm not sure what this means. Is it like instead of a full fledged password, just a four digit PIN or something? Thanks.