this post was submitted on 14 Nov 2025
99 points (96.3% liked)


Just got done investigating a spambot we had earlier, and it looks like they used a lot of compromised accounts on other instances to give their post an initial upvote boost. If you don't already, please remember to use a good strong password. Keeping your account secure helps reduce spam across the whole of Lemmy, and keeps your account from getting banned for things you didn't actually do.

I recommend Diceware! I use it in my professional capacity as an IT/Security person, and also you get to use your mathrocks!

EDIT: Oh, also, all that numbers and symbols shit is no longer considered good practice. Just make it a really long collection of random words, at least 12, ideally 16+ characters. And make sure the words are actually random; your 3 favorite sports teams isn't good enough, which is why I recommend diceware.

[–] Quetzalcutlass@lemmy.world 5 points 2 days ago* (last edited 2 days ago) (1 children)

I'm leery of putting all my most high-value stuff in one place behind one password.

Password managers (at least the non-browser based ones) use methods provided by the OS to protect themselves from screen recording, direct memory reading and keyboard-sniffing. Most password managers can also be set up to require a keyfile and/or physical passkey to unlock their databases.

A keyfile stores data necessary for decryption separate from the password database and means someone couldn't get into your passwords even if your database was stolen and they knew the master password (assuming you stored your keyfile separate from the database - the file and its location should be treated like a password itself). A keyfile also lets you keep your database on cloud storage while manually transferring the key to trusted devices, allowing cloud syncing of your passwords without fear of leaks - without the keyfile it's all just random data.

A physical passkey makes it virtually impossible to breach the database unless someone steals the USB device, since it uses a challenge-response model and the data needed to spoof it should never leave the device.
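
The keyfile behaviour described in the comment above, as an added Python sketch (not part of the thread and not any particular password manager's file format): the database key is derived from the master password and a separately stored keyfile, so a stolen database plus a known password still fails to open. The function names, the PBKDF2 work factor, and the stand-in cipher are assumptions made for illustration.

```python
import hashlib, hmac, secrets

ITERATIONS = 100_000  # illustrative work factor (assumption, not from the thread)

def composite_key(password, keyfile, salt):
    # Hash each factor on its own so the keyfile always contributes 32 bytes,
    # then stretch the concatenation. With keyfile=None only the password counts.
    material = hashlib.sha256(password.encode()).digest()
    if keyfile is not None:
        material += hashlib.sha256(keyfile).digest()
    return hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS, dklen=64)

def _keystream(enc_key, nonce, length):
    # Stand-in stream cipher (HMAC-SHA256 in counter mode) so the sketch runs on
    # the standard library alone; a real manager would use a vetted AEAD.
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(entries, password, keyfile):
    """Encrypt-then-MAC the entries under the composite key."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    key = composite_key(password, keyfile, salt)
    enc_key, mac_key = key[:32], key[32:]
    ks = _keystream(enc_key, nonce, len(entries))
    ct = bytes(a ^ b for a, b in zip(entries, ks))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def unseal(db, password, keyfile):
    """Return the plaintext, or None if either factor is wrong or data was altered."""
    key = composite_key(password, keyfile, db["salt"])
    enc_key, mac_key = key[:32], key[32:]
    body = db["salt"] + db["nonce"] + db["ct"]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, db["tag"]):
        return None
    ks = _keystream(enc_key, db["nonce"], len(db["ct"]))
    return bytes(a ^ b for a, b in zip(db["ct"], ks))

# Constructed sample data: a random 32-byte keyfile and a one-entry database.
KEYFILE = secrets.token_bytes(32)
DB = seal(b"example.org: correct horse", "master-pass", KEYFILE)
```

`DB` is what would sit on cloud storage; `KEYFILE` is the part that is copied by hand to trusted devices and never stored beside it.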

[–] sirblastalot@ttrpg.network 3 points 2 days ago (1 children)

I guess what I mean is, it's a single point of failure. Usually an extremely strong one, granted.

[–] nocturne@slrpnk.net 1 points 1 day ago (1 children)

And your memory is not a single point of failure?

[–] sirblastalot@ttrpg.network 1 points 16 hours ago* (last edited 16 hours ago) (1 children)

Well, no, not really. If I forget a password I've only lost access to the one site, and it's recoverable. Just a partial failure. Not going to lose everything unless I literally die in which case I don't care about anything anymore. And no one is going to breach my brain short of tying me to a chair, and that's not really my threat model.

[–] nocturne@slrpnk.net 0 points 15 hours ago

Gotcha, the boomer method. 👍