



"The implied attack assumes that MFA is not used or has been bypassed. If you can get access to download the encrypted database, like what happens with most password databases that are stolen, you don’t need to deal with MFA (or those pesky password lockouts) when making attempts thereafter."

hivesystems.com/blog/are-your-…



in reply to Khurram Wadee

I gave up using passwords I can remember some time ago - they were too simple. I use long, complex passwords and write them down. No problemo. No one has broken into my house yet.
in reply to Khurram Wadee

The easiest way for a "hacker" to get into your system is the most direct, and that is through malicious JavaScript run on your browser. This works quite well for many purposes...
in reply to Khurram Wadee

I think the compromise of having a local password manager program, such as KeePassXC, works well. It generates pseudorandom strings of characters of a length you can specify and yet keeps the password file local so that it's less likely to fall into the wrong hands.
in reply to Khurram Wadee

I’m really happy with YubiKeys (plural) as places to keep passkeys, ssh keys, and the like. As long as I have credentials on two or more of them, I know I cannot screw it up: I cannot be tricked into sharing them, I cannot be fooled into entering them on the wrong website, or exposing them through a misconfiguration or hack. That peace of mind is worth a lot.

That said, for passwords I use 1Password, and I keep 2FA on YubiKeys whenever possible.