On a related topic, how do you guys feel about using an unusual way of storing passwords only on the client side as a prevention against keylogging etc.? I've been thinking about this for a few days now.
1) Think of passwords as key:value pairs.
2) The values are the actual passwords.
3) Assign keys to these passwords that are memorable/derivable for you. For example, if my password is MatrixHasYou1984 I could map it to MHY84 or M@rix#u1984.
4) Use a text expander utility to map these key:value pairs.
5) Enter the key as the password instead of the actual password.
So unless someone knows what I'm doing I can save myself from keylogging, or from someone slyly looking over my shoulder and "accidentally" learning my password; they'll always get the wrong password. I know very well this isn't perfect at all; it won't prevent attacks on the servers or maybe on the network. I also know this is basically equivalent to writing down the password and has exposure risk. But I think it's very unusual for others to figure it out, so it may be a good preliminary level of defense? I mean, LastPass got hacked because it's an app that stores passwords. That's not an unexpected outcome to me. But I would be really surprised if a text expander app got hacked. What do you guys think?
I've thought about this before: making the text expander by hand (coding it up myself) to essentially create secure passwords from something easily remembered by me. But I don't know enough about cryptography to do anything more secure than just a 1-1 key map, which is pretty useless.
But that would mean storing all your password "values" on the computer – it's much more likely someone will get access to your computer and can read your file, than that they will have managed to install a keylogger but for some reason can't access the file.
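To make the trade-off in the thread concrete, here is an added example (my own illustrative code, not anything from the original posters or from any text expander product) modelling both the 1-1 keyword-to-password map described in the first two posts and the objection in the third. The first variant is what a text expander actually does: the stored file holds the real passwords in clear. The second variant, assumed here as one way to go beyond a 1-1 map, stores only a random salt per keyword and derives the password with PBKDF2 from the typed keyword plus a separately remembered master phrase, so the file on disk reveals nothing by itself. The mapping, the master phrase and the function names are constructed for this example. Note that the derived variant does nothing against the keylogger scenario itself: whoever captures the keystrokes and reads the file can run the same derivation, so the whole secret has simply moved into what is typed.

```python
"""Toy model of the "text expander as password store" idea.

Two expanders with the same interface:
  expand_plain   - a 1-1 lookup table; the store file contains real passwords.
  expand_derived - the store file holds only a salt and length per keyword;
                   the password is PBKDF2(master_phrase, keyword, salt).
Sample data is constructed for illustration, not real credentials.
"""
import base64
import hashlib
import json
import secrets
from typing import Dict, Iterable, Optional

# Constructed sample entry using the example from the thread (not a real credential).
PLAIN_STORE: Dict[str, str] = {"MHY84": "MatrixHasYou1984"}


def expand_plain(store: Dict[str, str], typed: str) -> Optional[str]:
    """Classic text-expander behaviour: keyword in, stored password out."""
    return store.get(typed)


def build_derived_store(keywords: Iterable[str], length: int = 20) -> Dict[str, dict]:
    """Persist only a random salt and desired output length per keyword.

    Nothing password-like is written; the password exists only transiently
    when derive_password runs.
    """
    return {
        k: {"salt": base64.b64encode(secrets.token_bytes(16)).decode(), "length": length}
        for k in keywords
    }


def derive_password(master_phrase: str, typed: str, entry: dict,
                    iterations: int = 200_000) -> str:
    """Derive a printable password from the remembered phrase and the typed keyword.

    The keyword acts as a per-site label; the master phrase supplies the entropy.
    A short keyword alone would be trivially guessable, which is why the phrase
    is required in addition to it.
    """
    salt = base64.b64decode(entry["salt"])
    material = (master_phrase + "\x00" + typed).encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", material, salt, iterations, dklen=entry["length"])
    # URL-safe base64 keeps the result printable; truncate to the requested length.
    return base64.urlsafe_b64encode(raw).decode("ascii")[: entry["length"]]


def expand_derived(store: Dict[str, dict], master_phrase: str, typed: str) -> Optional[str]:
    """Expander variant that never stores the password itself."""
    entry = store.get(typed)
    if entry is None:
        return None
    return derive_password(master_phrase, typed, entry)


def what_the_file_reveals(store: dict) -> str:
    """What someone with read access to the store file sees: the serialised store."""
    return json.dumps(store, sort_keys=True)


if __name__ == "__main__":
    print("plain store on disk:", what_the_file_reveals(PLAIN_STORE))
    print("plain expansion of MHY84:", expand_plain(PLAIN_STORE, "MHY84"))

    derived_store = build_derived_store(["MHY84"])
    master = "constructed master phrase for the example"  # assumption: user remembers this
    print("derived store on disk:", what_the_file_reveals(derived_store))
    print("derived expansion of MHY84:", expand_derived(derived_store, master, "MHY84"))
```

Running it shows the point of the third post directly: the serialised plain store is the password list in clear, while the serialised derived store contains only salts. The derived store still has to be paired with a strong, remembered master phrase, and a keylogger that sees both the phrase and the keyword recovers everything, so this changes what an attacker needs from the disk, not what they get from the keyboard.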