The password is generally the weak point. If you can remember it, any modern computer can guess it in a short time. Which is why password generation is so important.
I don't think that's correct as a blanket statement - you can use a passphrase, or remember a 14+ character password since you only have one to remember.
Even if it's only random-ish, password managers do key stretching (for example by hashing the password 600k times - Bitwarden has a high default value and lets you increase it if you like) so that it has to take some computational effort to check if a single password is correct. That's why it takes a few seconds to unlock your vault each time.
With these in place I think you're pretty safe for a long time. (Well, maybe until quantum computing breaks those cyphers?)
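The key stretching described in the comment above, as an added example that is not part of the original thread: it derives a vault key with 600k iterations, times one derivation, and turns that per-guess cost into an expected search time for a random passphrase. PBKDF2-HMAC-SHA256, the 7776-word list size and the sample passphrase are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os
import time

ITERATIONS = 600_000  # iteration count quoted in the comment above
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def stretch(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive a 32-byte key. PBKDF2-HMAC-SHA256 is an assumed choice of KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=32)


def verify(candidate: str, salt: bytes, expected: bytes,
           iterations: int = ITERATIONS) -> bool:
    """Every guess, right or wrong, pays for the full derivation."""
    return hmac.compare_digest(stretch(candidate, salt, iterations), expected)


def passphrase_bits(words: int, wordlist_size: int = 7776) -> float:
    """Entropy of a passphrase whose words are drawn uniformly at random."""
    return words * math.log2(wordlist_size)


def years_to_search(entropy_bits: float, guesses_per_second: float) -> float:
    """Expected search time: half the keyspace at the given guess rate."""
    return (2 ** entropy_bits / 2) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    salt = os.urandom(16)  # per-vault salt, constructed for this demo
    start = time.perf_counter()
    key = stretch("constructed sample passphrase", salt)
    per_guess = time.perf_counter() - start
    print(f"one derivation at {ITERATIONS} iterations: {per_guess:.2f} s")
    print("wrong guess accepted:", verify("wrong guess", salt, key))
    rate = 1 / per_guess  # guesses per second on this machine only
    for words in (3, 4, 5, 6):
        bits = passphrase_bits(words)
        years = years_to_search(bits, rate)
        print(f"{words} words, {bits:.1f} bits: about {years:.3g} years")
```

The rate measured here is for one CPU core on the machine running the script; dedicated hardware is faster, which is why the iteration count is configurable upward.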
Stupid German proving me wrong with something that most languages don't have access to.
\s
I'm sure German is not alone, but it is the only one I'm aware of - though with over 7000 known languages I doubt anyone knows enough to state anything with confidence.
Passphrases are much easier than passwords in this regard. Though I fear keylogging more than brute forcing what my main password is.
But this is why I use security keys like yubikeys. Doesn’t matter if an attacker knows my main password for any number of reasons, there’s fuckall they can do with it without my physical key.
And even if they get into my vault and extract passwords, for many websites (in particular the most important ones) they’d still need to use my security key, they can’t just use the passwords.
Attacks are still possible (with browser session fuckery?) but much harder than yet another breach where a website was storing passwords in plaintext.
I like, no I think it's simply a hard requirement, that I can recover from nothing but the contents of my head. I can wake up naked in a foreign country and regain everything.