Bitwarden

A free, open-source password manager that stores your vault as a single encrypted file on your own machine, with no company, no cloud, and no account involved. It is the most sovereign starting point for password management. The tradeoff is that syncing between devices is your job, usually via a file-sync tool you choose and configure.

A hardware security key that plugs into USB or taps via NFC to prove it is really you logging in, defeating phishing in a way app-based codes cannot. It is the strongest practical upgrade for account security. The firmware is closed source and keys cost real money; buy two, because losing your only key hurts.

An open-source tool that encrypts files on your machine before they reach Dropbox, Google Drive, or any cloud folder, so the provider stores only scrambled data. It is a practical middle path: keep cloud convenience without letting the cloud read your files. Desktop apps are free, mobile apps cost a one-time fee, and filenames are encrypted too.

Free, open-source disk encryption that creates encrypted containers or encrypts entire drives, including hidden volumes that are difficult to prove exist. It is the audited, actively maintained successor to TrueCrypt. Everything happens locally with keys only you hold; the cost is a dated interface and the discipline to never lose your passphrase.