I tried YubiKey for a while, but found it too annoying because it didn't work in all browsers or on all OSes, so I gave up on that and just use TOTP now.
I use KeePass for my password databases, with multiple databases to segregate the risk a bit if one is compromised. I sync the databases myself, and don't use browser plugins for auto-filling the fields.
This works for me, though a few "security features" of some websites make it very difficult at times: for example, sites that won't let you paste into the password field; sites that accept a long password when changing your password, but then won't let you type that same password when trying to log in; sites that say "you have to use special characters, but not that one!", meaning I have to generate a few times to get one that'll pass; sites that have stupidly short maximum lengths, like 8-12 characters (when NIST suggests 12 as the minimum); or even special character requirements at all. They should just require LONG passwords, without any complexity rules, since complexity rules actually reduce the possible entropy and reduce the size of the search space for brute force attacks.
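An added example (not the commenter's code, and not KeePass's generator) that puts numbers on the "complexity rules shrink the search space" claim and on the "generate a few times until it passes" workflow. It counts, by inclusion-exclusion, how many passwords of a given length survive a "must contain one of each character class" rule versus how many exist without the rule, reports the difference in bits, and implements a rejection-sampling generator that retries until a draw satisfies the rule. The character classes are the usual lowercase/uppercase/digits plus a symbol set that is an assumption here; real sites' allowed symbols vary.

```python
import math
import secrets
import string

# Character classes a typical generator draws from.
# The symbol set is an assumption for this example; real sites differ.
LOWER = frozenset(string.ascii_lowercase)
UPPER = frozenset(string.ascii_uppercase)
DIGITS = frozenset(string.digits)
SYMBOLS = frozenset("!@#$%^&*()-_=+[]{};:,.?/")
ALL_CLASSES = (LOWER, UPPER, DIGITS, SYMBOLS)


def count_passwords(length, classes, require_all):
    """Number of strings of `length` over the union of `classes`.

    require_all=False: every string counts, i.e. |alphabet| ** length.
    require_all=True:  only strings containing at least one character from
    every class count. Computed by inclusion-exclusion over the subsets of
    classes that are forbidden to appear: sum over subsets S of
    (-1)^|S| * |alphabet minus S| ** length.
    """
    alphabet = frozenset().union(*classes)
    if not require_all:
        return len(alphabet) ** length
    total = 0
    n = len(classes)
    for mask in range(1 << n):            # each bit = one class forbidden
        forbidden = frozenset()
        for i in range(n):
            if mask >> i & 1:
                forbidden |= classes[i]
        sign = -1 if bin(mask).count("1") % 2 else 1
        total += sign * len(alphabet - forbidden) ** length
    return total


def entropy_bits(length, classes, require_all):
    """log2 of the search space; 0 bits if no string can satisfy the rule."""
    n = count_passwords(length, classes, require_all)
    return math.log2(n) if n > 0 else 0.0


def bits_lost_to_complexity(length, classes):
    """Bits removed from the search space by a one-of-each-class rule."""
    return entropy_bits(length, classes, False) - entropy_bits(length, classes, True)


def satisfies(password, classes):
    """True if the password contains at least one character of every class."""
    return all(any(c in cls for c in password) for cls in classes)


def generate(length, classes, require_all=True, max_tries=1000):
    """Uniform random password over the union alphabet, with rejection.

    Mirrors "generate a few times until one passes": draw uniformly, reject
    until every required class is present. Returns (password, tries).
    Rejection keeps the result uniform over the accepted set, which is
    exactly the smaller space counted by count_passwords(..., True).
    """
    alphabet = sorted(frozenset().union(*classes))
    for tries in range(1, max_tries + 1):
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not require_all or satisfies(pw, classes):
            return pw, tries
    raise RuntimeError("no password met the rules in %d tries" % max_tries)


if __name__ == "__main__":
    for length in (8, 12, 16):
        print("%2d chars, 4 classes: free %.1f bits, forced %.1f bits, lost %.2f"
              % (length,
                 entropy_bits(length, ALL_CLASSES, False),
                 entropy_bits(length, ALL_CLASSES, True),
                 bits_lost_to_complexity(length, ALL_CLASSES)))
    print("12 chars, lowercase only, no rules: %.1f bits"
          % entropy_bits(12, (LOWER,), False))
    pw, tries = generate(12, ALL_CLASSES)
    print("generated %r after %d tries" % (pw, tries))
```

Two things fall out of running it: forcing all four classes at length 8 costs about a bit against the same alphabet with no rule, and 12 lowercase letters with no rules (roughly 56 bits) already beats 8 characters drawn from all four classes (roughly 51 bits), which is the "just require LONG passwords" argument in numbers. The generator also shows why a rule that can never be met (for example, four required classes at length 3) is a failure mode worth checking for rather than looping forever.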