and/or Vaultwarden as a selfhosted alternative.

Prefer KeepassXC but let's be honest, the best password manager is the only you actually use and keep using.

I would only use KeepassXC

Nextcloud syncs my KeepassXC safe.

This is exactly my setup. How did you know? LOL.

Locally hosted bitwarden (vault warden) that is only accessible on your local network is the way to go. When a new sync is needed away from home, wireguard VPN to connect back in makes everything nice and secure. Otherwise most of the time the vault is cached to the device locally so you don't need to phone home to access passwords.

And they are really moving quickly with development. I feel like we're getting new features monthly

Same. The UI is pretty good and modern, they support TOPT and cards as well and the development is being done at a good pace.

And with Syncthing's Untrusted Device Encryption feature I can use my VPS as an extra node for synchronization without worrying touch if it becomes compromised without me knowing.

And I do keepassdx on Android, with a (phone-specific) database synced with syncthing

P.S. syncthing is fantastic: I hope more people consider hosting discovery servers and especially relays

you could encrypt onedrive with cryptomator

It's not open source and they haven't had a security audit in a while AFAIK, I used to use it too but migrated to Proton Pass for these reasons https://discussion.enpass.io/index.php?/topic/404-security-audit/page/6/

I know they recently published the code for their clients, so that's a plus. But I can't find any independent audits for their architecture or clients.

While all mentioned options does have independent audits done.

Post-it notes on the monitor.

I guess a bunch of things, as they are specialized apps:

• proper auth. I think with Firefox you can have a password, but a password manager will have multiple options for 2fa including security keys, and on phone fingerprint unlock etc. In general, password managers are more resistant to malicious users gaining access to your device.
• store all kinds of stuff. Not everything happens in the browser, and it's just convenient to have an app just for credentials. Many password managers allow to store and autofill credit cards too, for example.
• on the fly generation of aliases. Password managers have external integrations. For example proton and bitwarden can integrate with simplelogin.io to generate email aliases when you choose to generate a new username.
• org-like features. Password managers can be also convenient for sharing with family (for example). I do manage a bitwardes organization used by all my immediate family, which means I can share credentials easily with any of them. Besides the sharing I can also ensure my (not tech savvy mom) won't lock herself out (emergency breakglass access configurable) and technically enforce policies on password strength etc.
• as banal as it is, self-managing. I like to run my own services and running my own password manager with my own backups gives me peace of mind.
• another perhaps obvious point. More compatibility? I can use my password manager on whatever device, whatever browser. For some, it might not change anything, but it's a convenient feature.

As a personal addition, I would say that I simply want the cornerstone of my online security to be a product for a company that is specialized in doing that. I have no idea how much effort goes into the password manager from Mozilla, for example.

I need to enter passwords in lots of places that aren't a browser.

If Firefox's password keeper meets your needs, then I would endorse using that, for sure.