[wyattpeak]

I think there are a couple of problems in practice with this:

1) I don't leave my password manager open overnight, but I do during the day. My master password is long and I enter a lot of passwords. The most obvious attack vector is getting onto my computer while I'm working, not cracking the master password.

2) Losing my master password would be a _big fucking problem_. Once I'm confident I've learned it I destroy whatever it's on, but I can't risk having no backup before then.

Both of these points could be addressed if I were safeguarding nuclear launch codes. But I think it's silly to treat my passwords as national secrets. I'm not willing to abandon all convenience for the sake of safety.

[UncleMeat]

How real is the evil maid threat model where they open up your password manager but don’t have enough time to install a key logger? And even if this threat model matters, 2fa defeats it.

This entire horcrux system feels like cleverness for cleverness’ sake rather than actually addressing a meaningful threat model.

[wyattpeak]

I don't have a strong opinion on the horcrux system. It's a simple solution to a minor class of threats. Six to one, half dozen to the other.

My issue was that the "whole solution" to the problem proposed by the parent relies on idealised password manager usage which I don't think is representative of real-world use.

[UncleMeat]

> It's a simple solution to a minor class of threats.

The threat models it addresses are (1) "evil maid without time to download a keylogger", (2) "cloud leak of your password database alongside sites that aren't using any 2fa" and (3) "cloud leak of your password database alongside SMS-based 2fa and a desire to go through the trouble to SIM-swap you".

All of these threat models are handled with TOTP-2FA. (1) is rare. (2) and (3) require your password manager to be compromised but not your application's password database.

In practice, virtually all threats to online accounts are phishing or password stuffing from database breaches. This system does not change your posture against these threats.

People will only follow so much security advice so you need the specific small set of things that you recommend to everybody to address the most common threats and you need the set of things you recommend to more targeted individuals to actually address a wide range of threats. Introducing additional systems that address a subset of meaningful threat models just introduces confusion.

"Use a password manager with autofill to generate unique passwords" defeats credential stuffing and most forms of phishing. This system is worse against phishing since you personally type in the password. "Use a password manager with autofill and a yubikey" fully defeats credential stuffing and phishing. It also defeats the situations addressed by horcruxes.

> My issue was that the "whole solution" to the problem proposed by the parent relies on idealised password manager usage which I don't think is representative of real-world use.

I do agree with this.