What did you use before using a password manager?

When I was a noob I didn’t know password managers were a thing and used to have encrypted zip files with plaintext files on them. In fact I still have tons of random passwords for things I don’t even use or remember. I still find myself going there sometimes because honestly thinking about going one by one to decide if I add or discard things from getting into the KeePass file gives me an instant headache. How did you manage this? For now I mostly have the most important stuff on KeePass but I’m paranoid about deleting the zip files in case I’m deleting something I did not add and will eventually need it. So I guess some day I will need to fully port into KeePass but it will take ages to go one by one.

I used to just reuse the exact same password for everything. I was actually using password managers because I would save my passwords in Chrome but either I didn’t understand how to generate secure passwords on signup with it or the feature didn’t exist yet.

But yeah it was really bad. I’d imagine this is still what most people do for most of their accounts unless they’re forced to change it because of some password requirement, then they’ll just slightly modify the same password until it passes.

I reused the same two or three passwords or slight variations of it. I didn’t have an interest in privacy or security until I was a young adult (after university).

Now trying to think back I can’t remember when I decided to switch to using a password manager…

Back in those days I had my trusty Hotmail email for the username and a few variations of my very common password. Never been hacked.

Ugh. What a nauseating question. I recall how, after the summer holidays, it was sometimes rather irritating being compelled to change my password. But then again, I’ve never been hacked either.

I wrote a phrase, for example:

We are a big community at privacyguides focused on privacy.

And used the beginning letter + two numbers + @ + service name as a password for everything.

Example:

We are a big community at privacyguides focused on privacy. => “Waabcapfop23@privacyguides”. This would then be my password for privacyguides.
For PayPal, it would then be “Waabcapfop23@paypal”.

I had a way of generating a password based on the name of the website. Not very long passwords but they were different for each website and I didn’t have to remember them, just decrypt my encryption.

I was also using custom domain aliases years before they became a thing but I didn’t have a way of replying from them, which sometimes became an issue.

I actually had a brand laptop that my parents gave me and used that, together with a random number out of my life and an exclamation mark. In later terms, I often added wherever I’d make my account into that password, often replacing certain letters with easily identifiable numbers, for example: Amazon would’ve become 4m4z0n.

Exact same password for everything and used Chrome’s default password manager, always been like this ’til like 2 or 3 years ago, when I started using Bitwarden and proper secure passwords.

I used one not-very-good password for everything and still get occasional extortion emails that reference it in plain text.

I was very picky, I created a separate Word document for each page, wrote down all the data I recorded there exactly, any backup phrases or 2FA recovery codes as well. My passwords were usually 32 characters long, just as you can generate them with all characters, you could easily copy them out.

I collected it all in one folder. Over time, around 300 different Word documents have accumulated. Fortunately, I then dealt with privacy and security and switched to a PW manager and sorted out and deleted 90%.
Fortunately, I never had hardware problems, there were no backups at that time, no idea what I would have done then.

I signed in with Google or used the same password on all accounts.
My Gmail ended up on Have I Been Pwned 7 times but, as far as I know, I never got hacked. Never lost access to an account. Pure dumb luck.

Used to note it down somewhere, either on device or note it down somewhere.

I went the fully analog route and had a physical notebook hidden in my drawer. :sweat_smile: Migrating was a pain because I had to type everything in manually, so I feel your pain on the ‘going one by one’ struggle.

Different variations of the same password like many people. I believe almost 90% of the internet users still reuse passwords everywhere. Even today I haven’t met a single person around me who uses a password manager except me.

That’s why I’m a huge proponent of passkeys, they don’t give you a chance to screw up. Takes the human element out.

I really like the idea of passkeys and accept their superiority to traditional login methods. But I’m still not convinced that tying your accounts behind a single account or hardware is a reliable thing in any event that causes you to lose the passkey source and backups. For example I live in a region with high risk of natural disasters where I can lose every backup I have along with the passkey (including things like private bank vaults). I also think that using an account-based passkey also adds some privacy problems. But I’m really open to being convinced to start using passkeys if there are possible solutions for these concerns.

The way it works right now is your email acts as your de facto login, if you lose your email then you won’t have any way of resetting your password and a lot of the time you won’t be able to log in at all because email 2FA is usually enabled by default on most accounts for the first login on a new device. So if you lose access to your email account you are just as screwed. Relying on your password manager instead is much more secure and lets you use the robust recovery methods your password manager offers, including in some cases email recovery if you really want.

In the event of a natural disaster, your passkeys will still be available locally on your devices. Your email won’t work though, so you’re actually better off with passkeys. I guess you’d need internet logging into online accounts no matter what though. If all your devices get destroyed then you can still access your passkeys using whatever recovery methods you set up for your password manager, since they’ll be stored server-side (assuming your password manager has cloud syncing).

There’s not really any privacy issues with passkeys either since you generate a new public/private key pair each time that can’t be linked together, and the syncing is required to be E2EE.
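As an added illustration of the per-site key pair point in the post above (not part of the original thread, and not WebAuthn itself): a toy authenticator in Node.js that mints an independent Ed25519 key pair for each site and signs a login challenge. The class, function and site names are hypothetical, and the signed message format is simplified.

```javascript
// Toy model of per-site passkey credentials (added example; names are hypothetical).
const nodeCrypto = require('node:crypto');

class ToyAuthenticator {
  constructor() {
    this.keys = new Map(); // site name -> private key, never leaves the device
  }

  // Registration: a fresh key pair per site; only the public half is handed over.
  register(rpId) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
    this.keys.set(rpId, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' });
  }

  // Login: sign the site's random challenge bound to the site name.
  sign(rpId, challenge) {
    const key = this.keys.get(rpId);
    if (!key) throw new Error(`no credential for ${rpId}`);
    return nodeCrypto.sign(null, Buffer.concat([Buffer.from(rpId), challenge]), key);
  }
}

// Server side: verify against the public key stored at registration.
function verifyLogin(rpId, publicKeyPem, challenge, signature) {
  const msg = Buffer.concat([Buffer.from(rpId), challenge]);
  return nodeCrypto.verify(null, msg, publicKeyPem, signature);
}

function demo() {
  const device = new ToyAuthenticator();
  const pubA = device.register('site-a.example'); // constructed site names
  const pubB = device.register('site-b.example');
  const challenge = nodeCrypto.randomBytes(32);
  const sig = device.sign('site-a.example', challenge);
  return {
    // The two sites hold unrelated public keys, so they share no common identifier.
    distinctKeys: pubA !== pubB,
    loginOk: verifyLogin('site-a.example', pubA, challenge, sig),
    // A signature made for site A is useless at site B.
    wrongSite: verifyLogin('site-b.example', pubB, challenge, sig),
    // A captured signature fails against a new challenge.
    replayed: verifyLogin('site-a.example', pubA, nodeCrypto.randomBytes(32), sig),
  };
}
```

Unlike a reused or pattern-derived password, a breach of one site's database here yields only a public key that is of no use for logging in anywhere.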

I decided that I will give passkeys a try for a week and get back to you via PM with my experience and questions if there are any. I realized I wasn’t that knowledgeable about passkeys at all. Thank you for your answer.

No problem, I’m interested how it goes for you because right now I think spotty platform support is the biggest hurdle.