A solution for the possibility that a targeted password manager or vault may be compromised. This also serves as a multi-factor authentication method which is not stored in any electronic device. Multi-factor authentication is a means of authenticating with more than one form; combining factors of authentication greatly reduces the chance of a failure in the authentication process. The three forms of authentication are as follows: what you are, what you have, what you know.
- What you are: Normally some sort of biometric analysis such as a retinal scan, fingerprint identification, or even blood.
- What you have: Something physical like a key or RFID badge/access card.
- What you know: Passwords, pin numbers, pass-phrases, security questions etc., or something else that only you would know.
I have implemented this measure for myself because I feel that a password manager helps me by providing unique and complex username/password combinations for each site for which I have created an account.If someone were to gain access to my password vault, they would find themselves unable to use the information effectively because after the manager auto-completes the authentication fields, I then have to provide an 8-character addendum which I created and memorized, but which must be added to any site I access using the manager.This is no more complicated than what most users do anyway, which is to use a single password of about that length across all sites, making them extraordinarily insecure. I hope that you will feel free to use and share this idea.