Which block cipher modes are best used in real life situations?

For an exam I'm studying for, I'm wondering what block cipher modes are best to use in certain situations.

We learned about these block cipher modes: ECB, CBC, CFB (+ s-bit), OFB (+ s-bit) and CTR.
From what I understand: some can be parallized, some can't. Some can be turned into a stream cipher (s-bit), some can't. Some have worse error propagation. They each have their (dis)advantages.

My question is, which block cipher methods are preferred in certain situations, for example for video chats, to store passwords, to send data with a micro-controller, ...

In real-life situations, except for compatibility with existing systems, it seldom should be directly used any of the encryption modes listed in the question, because they at best provide secure encryption (caveat: ECB does not), which does not cover the needs of most real-life situations.

In real applications, if one needs encryption, one also typically needs to prevent undetected alteration of the message (e.g. removing part of it, altering a segment). Thus it's needed a mode that provides encryption and authentication¹, such as GCM combined with the block cipher AES. It's fast enough for "video chats" with a modern CPU and simple enough to "send data with a micro-controller".

Such authenticated encryption mode will often internally use one of the question's mode for the encryption that it provides, e.g. GCM uses CTR. ECB/CBC/CFB/OFB tends to be phased out for CTR, because CTR is simple, fast, easily parallelizable, and allows direct read/modify/write access to large files without re-encrypting what follows. It's only drawbacks are

• Malleability², but that's entirely solved by authenticated encryption.
• Sensitivity to reuse of Initialization Vector/nonce. This can be mitigated by good procedures to generate IV, or nonce-misuse-resistant authenticated encryption modes like GCM-SIV.

To "store passwords", we often don't want to use encryption, which implies the possibility of decryption, when we often can live with a system that never requires to decrypt passwords and thus is less vulnerable to data leaks (there are some exceptions like password managers). For passwords, the first choice is secure hardware designed for passwords storage. The second choice is to store on disk the result of a deliberately slow and salted hash function of the password, like Argon2. The last choice is authenticated encryption of the password. Notice authentication matters: with encryption alone, it's to fear that someone with read/write access to the encrypted passwords can reset a user's password to a known one, without the key, if they know the password of another user.

¹ In the sense that deciphered plaintext exactly matches plaintext that was encrypted with the encryption key, which make it authentic.

² In the sense of allowing changing the meaning of deciphered plaintext for known plaintext, e.g. change pay $1000 to pay $9800. CBC or CFB mode make such attack more difficult, but do not provide full authenticated encryption.