Phishing attacks are worrisome and increasingly sophisticated. I shouldn’t have to check the URL bar myself – a password manager in my browser should do that (and I should trust it enough to be suspicious if it doesn’t autofill for a site I know). This will also allow me to strengthen my password-generation methods relatively painlessly.
1. Losing the encrypted password file is catastrophic. Must be aggressively (but safely) backed up.
2. Access on other machines. Should I even be logging in on other machines, anyway? Do I really need this?
I must isolate myself from OS changes, and ideally against browser changes as well. Something with a plugin for FF and Chrome (for Linux/OSX/Windows) would be satisfactory.
Next Post: Notes from The Next HOPE
Previous Post: ion3 -> awesome?