I was gonna ask about the biometrics part in a separate question, but its both about security, so might as well combine it in one post.
Okay so I don’t use password managers. I just try to make easy to remember passwords 3-4 random words + 3-4 random numbers. Online accounts can’t be brute forced anyways. Edit: I mean most websites have log in limits don’t they? Maybe I’ve been mistaken?
For offline accounts, I just increase the words and numbers. For mobile I don’t use biometrics, although I’ve been testing whether or not I want a pin + no biometrics or alphanumeric password + biometrics. I just can’t decide.
Funny because in work I keep passwords in txt file with logins hosts etc. It is against security rules. In my personal pc I’m using password manager because I want to have everything in single place and secured a bit.
I manage my passwords with Bitwarden and Authy for 2FA. Another good option, is to use KeepasXC with Symcthing to have the passwords both on the pc and smartphone
I run my own instance of vaultwarden (100% compatible fork of bitwarden) and use the standard bitwarden client on Android and browser plugin in Firefox. My master password is really long and I use 16 character passwords as standard in BW. I have biometric set up for my phone just to make it a bit less hassle.
Edit: and I set up MFA wherever possible with a yubikey
Online accounts can’t be bruteforced
I’m sorry, but that’s just wrong.
Majority of sites have awful security practices, not to mention massive breaches.
Get yourself either a password manager (Bitwarden is the best), or something like Yubikey + unique sentences.
Biometrics do not provide security, they’re purely for convenience.
I write my passwords down using a diamond-point scriber on a tablet of solid gold, which I keep in a secure location.
