And honestly, that’s the 80% of the 80/20 trade-off for security vs practicality. If you use a different password for each site, you’re protected from the most common attacks (password dumps). The rest of the measures you could take are just optimizations on the last 20%.
If you have a solid backup plan for if you get hacked (e.g. only use credit online), you’re probably fine. Most likely, you’re not going to get your browser password manager scraped, because that means you need to both get malware, and get the type of malware that knows how to scrape browser password manager data. If it’s protected by a master password, it’s incredibly unlikely you’ll get hacked unless it’s a targeted attack.
But if you want to go the extra mile, you can close a lot of that 20% with a few extra measures. It’s up to you how far you choose to go.
And honestly, that’s the 80% of the 80/20 trade-off for security vs practicality. If you use a different password for each site, you’re protected from the most common attacks (password dumps). The rest of the measures you could take are just optimizations on the last 20%.
If you have a solid backup plan for if you get hacked (e.g. only use credit online), you’re probably fine. Most likely, you’re not going to get your browser password manager scraped, because that means you need to both get malware, and get the type of malware that knows how to scrape browser password manager data. If it’s protected by a master password, it’s incredibly unlikely you’ll get hacked unless it’s a targeted attack.
But if you want to go the extra mile, you can close a lot of that 20% with a few extra measures. It’s up to you how far you choose to go.
That all sounds good to me. Good clarification.