This research paper investigates the attitudes and behaviors of Sri Lankan internet users toward passwords and password managers. The study addresses the security flaws and malpractices associated with passwords and aims to identify effective password management solutions. Two surveys were conducted, one focusing on user attitudes and strategies related to passwords, and the other evaluating user experiences with decentralized offline password managers. The findings reveal that a significant portion of the participants employed complex password-creation strategies and utilized various methods for storing and reusing passwords. Male participants and individuals in the 20-29 age group were predominant in the study. Surprisingly, only a minority of participants had received training in password creation and management. The analysis also indicated that participants without training tended to create easily breakable pass-words, while those with training opted for more complex and stronger passwords. In terms of password management methods, participants without training relied on manual note-taking or memorization, while those with training pre-ferred secure password managers. Furthermore, the study found a higher prevalence of password reuse among partici-pants who used manual password creation methods compared to those who used password generators. The research underscores the need for improved password management practices and increased awareness among Sri Lankan internet users. The findings introduce novel insights into the existing knowledge of password management and lay the groundwork for developing targeted interventions and strategies to enhance security in the Sri Lankan online landscape.