On a related topic, how do you guys feel about using an unusual way of storing password only at client side as a prevention from keylogging etc? I've been thinking about this from a few days now.
1) Thinking of passwords as key:value pairs.
2) Values being the actual passwords
3) Assigning keys to these passwords that are memorable/derivable for you. For example, if my password is MatrixHasYou1984 I could map it to MHY84 or M@rix#u1984
4) Use text expander utility to map these key:value pairs
5) Enter the key as password instead of actual password.
So unless someone knows what I'm doing I can save myself from keylogging or someone slyly looking over my shoulder "accidentally" knowing my password, they'll always get the wrong password.
I very well know this isn't perfect at all, won't prevent from attacks on the servers or maybe from network. I also know this basically equals to writing down of the password and has exposure risk.
But I think it's very unusual for others to figure it out so it may be a good preliminary level defense? I mean Lastpass got hacked because it's an app that stores passwords. It's not unexpected outcome to me. But I would be really surprised if textexpander app got hacked.
What do you guys think?