
> I think it's very typical of HN users to think of the average person as tech-savvy enough to do what you're doing, but they aren't. People are fallible, people forget things, people lose things.

This should be taught in schools if that is your concern. What I am doing with the "manual sync" for files is because I have 2 machines on which I want to get my passwords. There is a HUGE population who only have a phone. For them, KeePassDroid or some other KeePass app is the only thing that they should ever need or use. I know because I have set up the files for my family members; they only have their phones at hand and the file has served them well for years without any problem.

Now they "WhatsApp or email" the file to themselves or to me if they have to change their phone, and get it back in a matter of minutes. This is not such a big deal that you need to have an online-tied system and be a techie otherwise.




If I only had a phone, I would definitely want live sync, so I had a chance of recovery if my phone was gone. Keepass isn't even something I'd consider.

I'm not sure what you're referring to that should be taught in schools. The problem of forgetting things is often "human error" not "pilot error", a random packet loss of the mind rather than lack of skill.

There are strategies to mitigate it, like always leaving the house with the same set of items and never changing it up, and avoiding situations where you rely on memory, but live sync is going to prevent a lot of mistakes.


The threat model of storing passwords in an encrypted file with live sync is gonna be smaller than only keeping it on one device. Yeah, you are at more risk of getting pwned, but at almost no risk of losing your passwords. Your phone dies and you lose everything. And if you send your password file through a convenient service like WhatsApp or Telegram, you risk your data also getting leaked through them, without the benefit of live sync.

But doing password saving and live sync through a third-party service is pretty crazy to me. Why not split the threat? One program to store your passwords and one service to sync them. I use keepass2android and keepassxc with my own file sync server as the sync method. If you don't want your own server, you can use a multitude of third-party ones.

What should be taught in school is to store your passwords in a secure way, just like any other important real-life skills like doing your taxes, basic eating and physical health, etc.
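The split described in the comment above (one program holds the encrypted database, a dumb file transport moves it) is easy to make safe even for manual syncing. What follows is an added example written for this thread, not code from KeePass, KeePassXC or keepass2android. It assumes the sync "service" is just a directory (a mounted sync folder, an rsync target, anything that moves bytes) and uses constructed stand-in databases that carry a real KDBX header in front of a made-up body. The header check exists so that an unencrypted XML/CSV export can never be pushed to the transport by mistake, and the three-way hash compare makes sure a copy edited on another device is never silently overwritten.

```python
"""
Added example for this thread: safe manual sync of a KeePass (.kdbx)
database between a local path and a sync directory, keeping the password
store and the transport separate. Not code from KeePass or KeePassXC.
"""
import hashlib
import json
import shutil
import struct
import tempfile
from pathlib import Path

# KDBX header: two little-endian 32-bit signatures, then a version word
# (major in the high 16 bits, minor in the low 16 bits).
KDBX_SIG1 = 0x9AA2D903
KDBX_SIG2 = 0xB54BFB67


def kdbx_version(path):
    """Return (major, minor) if the file starts with a KDBX header, else None.
    The header is plaintext, so this is a cheap guard against uploading an
    unencrypted export instead of the encrypted container."""
    with open(path, "rb") as f:
        head = f.read(12)
    if len(head) < 12:
        return None
    sig1, sig2, version = struct.unpack("<III", head)
    if sig1 != KDBX_SIG1 or sig2 != KDBX_SIG2:
        return None
    return version >> 16, version & 0xFFFF


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def sync(local, remote, state_file):
    """Three-way compare of local copy, remote copy and the hash recorded at
    the last successful sync. Never overwrites a version the other side has
    not seen; a double edit is parked as a .conflict file for the user to
    merge in the app. Returns 'unchanged', 'pushed', 'pulled', 'conflict'
    or 'refused' (file is not a KDBX container)."""
    local, remote, state_file = Path(local), Path(remote), Path(state_file)
    last = json.loads(state_file.read_text())["hash"] if state_file.exists() else None
    lh = sha256_file(local) if local.exists() else None
    rh = sha256_file(remote) if remote.exists() else None

    def record(h):
        state_file.write_text(json.dumps({"hash": h}))

    if lh == rh:
        record(lh)
        return "unchanged"
    # Remote has the only copy, or remote changed and local did not: pull.
    if rh is not None and (lh is None or (lh == last and rh != last)):
        if kdbx_version(remote) is None:
            return "refused"
        shutil.copy2(remote, local)
        record(rh)
        return "pulled"
    # Local has the only copy, or local changed and remote did not: push.
    if lh is not None and (rh is None or (rh == last and lh != last)):
        if kdbx_version(local) is None:
            return "refused"
        shutil.copy2(local, remote)
        record(lh)
        return "pushed"
    # Both sides changed since the last sync: keep both copies, touch nothing.
    shutil.copy2(remote, local.with_name(f"{local.stem}.conflict-{rh[:8]}.kdbx"))
    return "conflict"


def _write_db(path, body):
    """Constructed stand-in: a valid KDBX 4.0 header followed by fake bytes."""
    Path(path).write_bytes(struct.pack("<III", KDBX_SIG1, KDBX_SIG2, 0x00040000) + body)


def demo():
    """Push, no-op, pull, conflict and refused-plaintext in a temp directory."""
    out = {"steps": []}
    with tempfile.TemporaryDirectory() as d:
        d = Path(d)
        local, remote, state = d / "phone.kdbx", d / "sync" / "phone.kdbx", d / "state.json"
        remote.parent.mkdir()
        _write_db(local, b"constructed body v1")
        out["version"] = kdbx_version(local)
        out["steps"].append(sync(local, remote, state))            # pushed
        out["steps"].append(sync(local, remote, state))            # unchanged
        _write_db(remote, b"constructed body v2 from laptop")      # edited elsewhere
        out["steps"].append(sync(local, remote, state))            # pulled
        out["pull_matches"] = local.read_bytes() == remote.read_bytes()
        _write_db(local, b"constructed body v3 phone")
        _write_db(remote, b"constructed body v3 laptop")
        out["steps"].append(sync(local, remote, state))            # conflict
        out["conflict_copies"] = len(list(d.glob("phone.conflict-*.kdbx")))
        out["local_untouched"] = local.read_bytes().endswith(b"v3 phone")
        export = d / "export.xml"
        export.write_text("<KeePassFile>constructed plaintext export</KeePassFile>")
        out["steps"].append(sync(export, d / "sync" / "export.xml", d / "state2.json"))  # refused
    return out


if __name__ == "__main__":
    print(demo())
```

The state file holds only a hash, never the database, so it can sit next to the local copy. When a conflict is parked, both versions stay encrypted on disk and the user resolves it with the application's own database merge rather than by guessing which copy is newer.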


The trouble is losing a phone is probably just as common as or more common than getting hacked, and KeePass sync is purely manual.

I suspect the most secure way to store passwords is in your Google account, because they have a far higher budget than almost anyone else. They will spy on you, but they also keep random hackers out.

I use BitWarden (with gmail as the 2FA) instead because I wanted the ability to try different browsers, and I like being able to store other bits of critical info in my vault.

You generally can't get hacked on anything important unless you already lost your phone, even if they have your password, because of 2FA.

You also don't lose your account if you lose your phone if you use SMS 2FA like most people do even though it's not perfectly secure, because your cell carrier can recover your number.




