I use KeePassX, which provides a keybound function that types out your username + <Tab> + password + <Enter> (or whatever template you specify). It works seamlessly with qutebrowser (any program, really). Example: I go to www.reddit.com, focus the username field, press <Ctrl-k>, and boom - done. It works by checking the title string of the window.
I really like the separation of password management from browser, given that I enter passwords in places other than my browser all the time (ssh logins, mutt encryption/decryption, chat clients, and so on).
Also, there are several mobile apps available. I use KeePassDroid.
http://www.keepassdroid.com/ You can also use it on mobile. It's a completely different project, but reads and write almost anything from KeePassX. Originally had issues with some options, may already be fixed?
There are also apps that provide implementations for mobile devices, such as:
I'm a keepass user (love the thing) and in the past I did use a key file with it.
On Android, KeepassDroid works with key files. But I removed the key file after it was just a issue of adding the key file each time I wanted to open it.
Instead, I started using a longer password 40+ in length and use Google Drive to auto sync the keepass to my Android phone for offline and sync on other computers. (Also make backups of it and have a sync copy on DropBox too)
I'm not a iOS user (personal dislike that Apple doesn't allow 3rd party apps or market places) so can't help much there. But imo if you have a really good and long password and never use it for anything else, you "should" be ok without a key file.
KeePassDroid and a database sync to my tablet. It can be awkward to type a complex password from my tablet into another computer, but its worth the security and convenience otherwise (generate separate passwords for each site, quickly generate a new one, no need to remember dozens of passwords).
Safe encryption, works on your phone, no connection to the internet. Even if the file gets stolen, nobody's gonna break it assuming you have a decent password on it. And you only need to remember the one.
> What if your computer gets infected, can the passwords on the local database be stolen?
Yes. If your being keylogged your master key can be stolen. You should be careful to trust the machines you manage keys on. Be sure to have a good anti-virus if you use Windows/Mac.
> Are they stored in plaintext?
The database is symmetrically encrypted with your master password. If your master password is strong enough then the key database cannot be brute forced, by anyone.
> Also is there an android app?
>>>Additional Reboot Features
>>>keepasshttp support for use with PassIFox for Mozilla Firefox and chromeIPass for Google Chrome.
>https://itunes.apple.com/us/app/minikeepass-secure-password/id451661808?mt=8
>That was some quick googling. I'm sure there's other apps.
Just some quick reading of what I said would make the googling unnecessary.
I am aware of the various projects by the various amount of people. That is one of the problems I mentioned. There is a lot of projects all with the same ultimate goal that if any one of the chain stop breaks the whole structure and that overall it's not remotely convenient for most people.
I don't really know an addon for mobile Firefox that signs you in to websites automatically. I've been using local password manager Keepassdroid and I copy username and password manually.
How do you not have mobile, there are several apps for that.
Android example: http://www.keepassdroid.com/
iOS for example: https://itunes.apple.com/de/app/minikeepass-secure-password/id451661808?mt=8
and there are many others, that's actually the benefit of an ope source software...