I usually buy Asus for computers, and I go for a mid-range business model with dedicated graphics. They're cheaper than the gaming counterparts, still have good specs, and they are much more reliable and easy to work on.

Had a secondhand Alienware, circa 2017, and that thing looked nice, but it was heavy, bulky, and you had to remove the back cover, drives, battery, WiFi antenna, and a bezel just to swap the CMOS battery. But that's everything Dell IMHO.

Fun fact. The guy that made this was the "forensic expert" that claimed he could detect bamboo fibers in ballots in Georgia and Arizona. The GOP tried to put him in charge of their investigation.

Gotta have one from 30 years ago. My dad's secondhand Maytag dryer survived 4 moves, and 35 years. We had it serviced twice in that time. First time was at 30 years. It stopped running because it filled up with pocket change. Some of the coins were polished almost completely flat. Second time, the heat quit working. Bought a new dryer after that. It's going strong, but it's got a long way to go just to be half as good.

I love hearing other languages in the US. It reminds me of the lofty ideals that were taught to me as a child. The Great Melting Pot, Give me your poor, your tired, your huddled masses, E Pluribus Unum and all that.

I hate that there is a significant portion of the population here that violently believes that English is the only language here.

Left the market a few years ago. Sorry bud. I wanted to get the Wing, but grabbed a OnePlus 9 Pro instead. No regrets.

No. That's (almost) all Samsung devices. They make decent screens and camera sensors though...

I can't really endorse any one over the others. We use LastPass at my workplace, but they were compromised recently. I didn't use the service though, still reset my passwords just in case.

I would look for a manager that has a policy of transparency. Breaches happen, they are a fact of life. Both the systems being used, and the people using them are not infallible. I would be more comfortable with a service that notified me immediately when they were breached, and provided easy resolution. When LastPass was breached, they were extremely open about it, and notified their users. Plus, if you use a PW manager, it's pretty easy to go back in all your services and update the passwords, since you have a list of them and a random PW generator easily accessible. It probably took most people less than an hour to recover.

Not bad, but I could see that creating passwords that are too long for some systems, and it would be vulnerable to dictionary attacks. Also, what would you do when the site requires a password reset?

Maybe do your strat, but only do every other, or every 3rd letter as a short word, and use a Caesar cipher, incrementing the cipher once each time you have to reset? Sounds kinda fun, but I don't think most sane people would do that... Open to ideas though.

Until the password manager gets compromised, or you lose access to your PW manager. In that case, you'll really wish you had implemented "Zone 3" of my plan.

For absolutely best security, you would change your password to a new, extremely long, randomly generated character string every time you logged in. What the best security options are, and what users are willing/able to put up with has a very small, if any overlap.

As for writing them down, my advice is to obfuscate them. Apply your own secret code to the password, hide it in a poem, get creative. Once an attacker is at your desk, they pretty much own your shit. At that level, the only thing your password is providing is privacy, not security.

As long as your phone is secure, and the manager only stores data locally, I'd say yes. I would still encourage you to have any "reset capable" accounts secured with a strong password and 2FA that is not in your PW manager.

As with all things IT, there is a tradeoff between comfort/usability and security.

Shitty sites that store PWs in plain text, or they get compromised and the password is figured out from the hash. Probably the most common way right now is phishing, and with AI/LLM it's pretty easy to do spearphishing attacks on a large scale. The target enters their password on a seemingly legit site, but it's actually an attacker's site that logs the PW. There are lots of ways to get a password, and password-only authentication is considered pretty weak, even with a "strong" password.