[gherkin0]

> For web services (like HN) I simply don't need to log in and comment that badly if I'm on an unusual device.

You also don't need to use one solution for every use-case. I use an online password manager (LastPass + 2FA) for relatively high-use, low-value credentials (things like web forums and online shopping sites). For higher-value credentials (investment accounts, banking, email), I use an offline password manager on trusted machines and site-specific 2FA when available.

That's been a good trade off between convenience and security for me.

[sahil_videology]

Seconding multiple solutions. I use LastPass to deal with the volume of credentials required, storing most but not all sites. I memorize the most important sites (bank, primary e-mail), never putting them in a password manager.

[binaryanomaly]

I think 2FA is really the key here. If I have a really physically isolated 2FA device I feel pretty safe actually.