The article below has something of interest for both tech-savvy users as well as naive Internet users. Password is an important life of defence to protect our privacy online.
The article mentions the following questions in the beginning:
- Is your Password really secure? How do you verify it?
- Is your password publicly available or part of an online breach made public?
- Have you reused your passwords on multiple sites?
- Do you create passwords yourself or use a random password generator?
- How do you keep track of multiple passwords? Write them down on a piece of paper or store them in files on your computer?
There seems to be no answer to 1 in the text, because there is no answer (In theory, no passwords are secure since every password can be brute-forced. This is why you need threat models.)
Regarding 2: Services like HIBP only cover a small fraction of all data breaches. So relying on HIBP only can result in a false sense of security.
Regarding 3, 4 and 5: If you use a password manager (as suggested in the article) to generate random passwords, there is no reason to think about this.
The section on “Password Complexity” says “The complexity of the password is important for many reasons.” In reality, password length is much more important than password complexity, explained here: Why are space characters not allowed in password fields?
The section on “Password Safes” is really basic and assumes that you can only use a master password to protect your secrets. Most password managers support multiple methods (e.g., key file, user account, OATH-TOTP, challenge-response authentication). So there isn’t only a master password.