[-] [email protected] 2 points 5 days ago

There are some password managers where you need to either manually look up passwords and copy+paste or autotype them or select the correct password from a dropdown. Some of these will come with an optional browser extension which mitigates this but some don't really track domain metadata in a concrete way to do this linking.

Some examples would be Pass which doesn't have any standard metadata for domain/URL info (although some informal schemes are used by various tools including browser-integration extensions) and KeePass which has the metadata but doesn't come with a browser extension by default.

[-] [email protected] 10 points 5 days ago* (last edited 5 days ago)

The reason I say browser password manager is two main reasons:

  1. It is absolutely critical that it checks the domain to prevent phishing.
  2. People already have a browser and are often logged into some sort of sync. It is a small step to use it.

So yes, if you want to use a different password manager go right ahead, as long as it checks the domain before filling the password.
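Added example, not part of the comment above: a minimal sketch of the "check the domain before filling" rule, assuming the strictest policy (exact HTTPS origin match). The vault contents, hostnames and function names are constructed for illustration and are not any real password manager's API.

```python
from urllib.parse import urlsplit

# Constructed vault: credentials keyed by the exact origin they were saved on.
VAULT = {
    ("https", "accounts.example.com", 443): ("alice", "constructed-password"),
}

DEFAULT_PORTS = {"https": 443, "http": 80}


def origin_of(url):
    """Return (scheme, host, port) for a URL, or None if it has no usable origin."""
    try:
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        # .hostname drops any "user@" prefix and the port, and lower-cases the host.
        host = (parts.hostname or "").rstrip(".")
        if scheme not in DEFAULT_PORTS or not host:
            return None
        # Compare in ASCII (punycode) form so a Unicode lookalike never
        # equals the host the credential was saved for.
        host = host.encode("idna").decode("ascii")
        port = parts.port or DEFAULT_PORTS[scheme]
    except (UnicodeError, ValueError):
        return None
    return (scheme, host, port)


def credentials_for(url, vault=VAULT):
    """Return saved credentials only when the page origin matches exactly."""
    origin = origin_of(url)
    if origin is None or origin[0] != "https":
        return None  # never fill on plain HTTP or unparseable URLs
    return vault.get(origin)


if __name__ == "__main__":
    for page in (
        "https://accounts.example.com/login",
        "https://accounts.example.com.evil.test/login",
        "https://accounts.example.com@evil.test/login",
        "http://accounts.example.com/login",
    ):
        print(page, "->", "fill" if credentials_for(page) else "refuse")
```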

[-] [email protected] 7 points 5 days ago

You probably mean TOTP. OTP is a generic term for any one-time-password which includes SMS-based 2FA. The other main standard is HOTP which will use a counter or challenge instead of the time as the input but this is rarely used.

[-] [email protected] 21 points 5 days ago

Tips for being secure online:

  1. Use your browser's password manager to generate random passwords.
  2. In the rare case you need to manually enter your password into a site or app be very suspicious and very careful.
  3. Never give personal information to someone who calls or emails you. If necessary look up the contact info of who called you yourself and call them back before divulging any details. Keep in mind that Caller ID and the From address of emails can be faked.
  4. Update software regularly. Security problems are regularly fixed.

That's really all you need. You don't even need 2FA, it is nice extra security but if you use random passwords and don't enter your passwords into phishing sites it is largely unnecessary.

[-] [email protected] 25 points 5 days ago

I'm not an expert on modern alarm systems but it seems that it is very common and fairly inexpensive to have cellular data backup. Not every system has it, but many do. In that case cutting the main connection will likely result in someone appearing on site fairly quickly.

Many cameras also have some form of local buffering. So even if you are gone before someone does show up you still may find yourself recorded.

But at the end of the day just put a bag over your head and you can be gone by the time anyone shows up without leaving a meaningful trace. Other than the very top-end systems, security systems just keep the honest people honest.

[-] [email protected] 25 points 6 days ago

Yup, that "what can I start in 10min" question really ruins a lot of productivity.

[-] [email protected] 4 points 1 week ago

I don't really mean literally to practice asking people out. But there are times in your life where you need to ask people for things. It is hard to get over the anxiety, risk of social embarrassment and practice showing confidence (even if you are not). These are valuable skills in all sorts of social circumstances.

[-] [email protected] 6 points 1 week ago

FWIW I think it is actually a valuable social skill to be encouraged to ask someone out to prom. A lot of people don't have many similar experiences throughout their lives.

[-] [email protected] 10 points 1 week ago

Prom is fun. You get to hang out with all of your classmates, ask someone out. A subset of people are always going to go overboard, but keep in mind that you don't see the "normal" cases. Most people just walk up to someone and ask them out. They find a date from the school or go alone.

I'm from Canada so I don't know if the US is wildly different, but here it is a bit of a big deal, but I think part of that is what makes it fun, you sort of build a bit of hype around what would otherwise be just another school dance.

[-] [email protected] 2 points 1 week ago

It depends a lot on the hash functions. Lots of hashes are believed to be difficult to parallelize on GPUs and memory hard hash functions have different scaling properties. But even then you need to assume that an adversary has lots of computing power and a decent amount of time. These can all be estimated then you give yourself a wide margin.

[-] [email protected] 1 points 1 week ago* (last edited 1 week ago)

Yeah, but my point is that I use my master password enough that random characters are still memorable while being faster to type. For me personally there isn't really a use case where the easier memorability is worth the extra characters to type. But of course everyone is different, so it is good that this system is laid out for them with a great guide.

[-] [email protected] 3 points 1 week ago

Yeah, that is what I meant by "strength of the hash". Probably should have been more clear. Basically the amount of resources it takes to calculate the hash will have to be spent by the attacker for each guess they make. So if it takes 1s and 100MiB of RAM to decrypt your disk it will take the attacker roughly 1s and 100MiB of RAM for each guess. (Of course CPUs will get faster and RAM will get cheaper, but you can make conservative estimates for how long you need your password to be secure.)

53
Haunted House (xkcd.com)
submitted 9 months ago by [email protected] to c/[email protected]
129
submitted 9 months ago by [email protected] to c/[email protected]

I'm reconsidering my terminal emulator and was curious what everyone was using.


kevincox

joined 3 years ago