Practically speaking, how bad is it to keep all your passwords to everything in a single notepad file on your desktop...

Not op, but can someone please explain what benefit an offline password manager has over using an excel sheet or something similar?

No problems, until you do not have any sort of spyware like Windows 10, and nobody but you can access to your PC.

What's wrong about using the same username and password for everything? It pisses me off everything demands me to have some undecipherable shit with numbers and caps.

Offline password managers typically do not store in plaintext. They make some effort to obfuscate or downright encrypt the data they store. It's like putting a padlock on a locker, yeah it's breakable, but it's better than being wide open

Holy fuck r u srs

If one site gets leaked every account you have has been leaked. If I have your email/screen name and password from one site I can just enter it on every popular site and see if I get a hit. If I do I now own your account on that site.

Just print out the file and you are now secure as fuck.

Put it in a compressed file with a pass. That's better than nothing. Or store it on a USB drive, that you explicitly only use for that. Or both.

Why would you want to own my account though?

what if that site is your bank account?

I'm not retarded enough to use online banking though.

Are you gonna get attacked? If no, you're fine. If anybody ever sees that file, you're screwed and basically have to change every single password stored in there.

This means if:
>you get a virus (any virus really, as you can't know what they do and personal data is valuable)
>your PC gets stolen (less of an issue with a desktop)
>you accidentally send the file to somebody
>you upload the file to e.g. dropbox without thinking
>your roommate/friend/wife/cousin finds your PC unlocked while you're taking a shit and decides to be an ass and look through it
then EVERY account whose password was in plaintext can now be considered compromised.

If you have a secure PC running a hardened Linux distro with good practices and strong passwords, including full disk encryption, then you may be fine with that. If you're a hermit in some swiss mountains and otherwise completely uninteresting to any surveillance agencies and have good Common Sense (tm) and are paranoid about viruses - you might get away with it. If all your passwords are to shitpost accounts on random shitty 2000s-early 2010s style forums that no hacker or roommate would be interested in, you probably won't get away with it but you don't care if you do.

But in the case of the first two it's literally easier to just use an encrypted file (e.g. if you can set up a hardened Linux PC, you can encrypt a file in one command), so unless the third scenario applies here don't do this.

What kinds of personal information is valuable? I only have IDs and related documents on my PC.

It's not important for random websites you made an account in to ask one question three years ago, but maybe e.g. your pizza hut website has your credit card details saved, or maybe you started posting a lot more on this niche forum and actually enjoy it enough to care if someone were to steal your account and identity.

It's easier to just mindlessly generate a new password in ~3 seconds than spend that at least that amount of time, if not several times more, carefully thinking about whether it's safe to use a "reusable" password in the given instance.

Anything is valuable in the right circumstances.
If an attacker gets a named photo of your first cat that died 15 years ago, and your bank account's security question is "What was the name of your first pet", suddenly they can reset your password.
Now there are a lot of what-ifs involved, but again if you attempt to minimise security often you won't save much effort but you're setting yourself up for making a mistake down the road that could cost you.

>"What was the name of your first pet"
Do you mean there's people dumb enough to not fill "Hitler" in those fields?

Just put your passwords on a thumb drive and encrypt it then hide in in a secure spot (at this point it's on you where to hide it) and use another thumb drive as a backup too and hide it as well

Hide it in your brain memory. Or train your pets or plants to do it for you.

>How insecure is it?

It's plain text. Anyone who gets the file has all your passwords. Keepass encrypts your passwords in a database so only the person with the passphrase can open it. It has other benefits like automatically generating passwords for you. Since it's encrypted, you can keep the database in multiple locations or on a server somewhere, so you can access it whenever and wherever. This allows you to make multiple backups without increasing the number of places you might compromise your passwords, like you would if you had your notepad file in different locations.

In short, yes it's retarded.

you can try this OP:

passwordstore.org/

it looks autistic as fuck but looks ok. I guess Keepass/Keepasx/KeepassSC are the best though

I use this. It's a little bit of the 'tism since you have to use GPG as well, but once that's done, suggest installing QTPass.

>there are programs
>mfw he doesn't build his own password storage program with his own encryption method

Just do what I do. Password protected Word Document inside of an AES-256 .7z archive.

Admittedly, the password protected word document doesn't do anything other than keeping normal fags out and the .7z archive is all you need. But 2 layers of protection is always better than one.