The other great idea I read a long time ago came from Rachel Tobac: salt your passwords with a short bit you have committed to memory. This means the passwords stored in the vault are incomplete; you manually enter your 'salt' at the beginning or end of the stored password when logging in. If your vault is ever compromised, the passwords are useless.
@opie
Well, still do the 2FA in addition. It doesn't have to be one or the other. Why not both?
totes...I do like 3FA with my only key... 😁
@voltronic - the first is useless (csv handles this); the second is annoying, but will work until a site is breached.
After that, you're relying on the obscurity of being 1 in a million that somebody wouldn't try more than once. If you're a high value target to somebody... That obscurity goes out the window faster than somebody who kicked Putin's dog.
@voltronic I teach this to my students
@LaurelGreen
Rock on. Way to go, getting the next generation into good security practices.
@voltronic This seems brilliant! Having said that, what I can't imagine is having to do all that to change current ones managed by Roboform Pro. 😭 I will certainly do this going forward.
@voltronic
yeah, this like lo-fi 2FA... somethin you have is the password safe and somethin you know is the "salt"
actual MFA is obv better, but this is a nifty lil trick
👍