this post was submitted on 30 Jul 2021
39 points (100.0% liked)

Security


Ok, so, I'm no expert, but there's a real lack of pragmatic guidance regarding password managers and their use. Over time I realized that some of what I was doing was essentially a self-imposed version of security theater, and I think I found a good balance on usability and security. Here's my advice:

  1. Randomly generated strings are better than passphrases for your master password.

This might seem counterintuitive, since passphrases can get a similar amount of entropy, while being more memorable. Here's the thing though: they are much, MUCH, longer to type. Your master password is (ideally) the only password you'll be typing, so optimizing for typeability is best. And regarding ease of memorization? It doesn't really matter, you'll only need to memorize the password once, while you'll type it many, many times.

  2. 60 bits of entropy is all you need, realistically.

AFAIK, there's never been a demonstration of a 60 bit password being cracked by brute force. It's just not financially smart. If you have that much hashing power, you'll probably be better off mining Bitcoin or something. There's a reason why criminals get most of their passwords through phishing: it's cost effective.

  3. Longer > Complex

This comes back to typeability, adding one or 2 characters often results in higher entropy than adding an entire character class, and the result is much, MUCH more typeable. Uppercase letters, in particular, take 2 taps to write in a mobile phone. A 14 character lowercase + digits password has a little bit more entropy than a 12 character uppercase + lowercase + digits password, at the same time, the 14 character password will likely need fewer taps in a smartphone, be easier to type with one hand, and be easier to copy.

  4. Don't go overboard with your key derivation function.

If your smartphone password manager takes forever to unlock your database, it's likely that your password manager is set up to do way too many iterations. Remember that a doubling in the number of iterations is equivalent to a bit of entropy in your password. Going from 0.1 to unlock your database to about a second gains you 3ish bits of entropy: it's just not worth it.

  5. The passwords in the database should be typeable too

It's tempting to assume that, since you're no longer typing these passwords regularly, having infinite passwords with large character sets is the way to go, but it's not. The safest way to log into an account in a non-trusted device is to just look up the password in your phone and type it up. Those situations will come up, I promise.

On the other hand, having 70 bits and 120 bits of entropy in your passwords is functionally equivalent, since no-one's cracking them anyway.

Alright, so that's all. What do you think? I'm no infosec expert, but I like to think that I do my research. Pretty much all the advice regarding password managers I've read emphasizes security above all else, sometimes to the point of irrationality, and I felt like a guide like this was needed.
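The entropy arithmetic behind points 2 to 4, as an added example that is not part of the original post: it compares the two password shapes mentioned, converts a KDF cost increase into bits, and generates a password of the minimum length for a target entropy. The function names and the 60-bit default are choices made for this illustration, and the figures hold only for uniformly random characters.

```python
import math
import secrets
import string

# Alphabets from the post's comparison (constructed here for the example).
LOWER_DIGITS = string.ascii_lowercase + string.digits   # 36 symbols
MIXED_DIGITS = string.ascii_letters + string.digits     # 62 symbols


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def min_length(target_bits: float, alphabet_size: int) -> int:
    """Shortest length whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def kdf_gain_bits(old_cost: float, new_cost: float) -> float:
    """Extra attacker work, in bits, from raising KDF cost (time or iterations)."""
    return math.log2(new_cost / old_cost)


def generate(target_bits: float = 60, alphabet: str = LOWER_DIGITS) -> str:
    """Password drawn from the OS CSPRNG; human-chosen strings do not get this entropy."""
    n = min_length(target_bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(n))


if __name__ == "__main__":
    print(f"14 chars, lower+digits:       {entropy_bits(14, 36):.2f} bits")
    print(f"12 chars, upper+lower+digits: {entropy_bits(12, 62):.2f} bits")
    print(f"Length needed for 60 bits:    {min_length(60, 36)} (36 symbols), "
          f"{min_length(60, 62)} (62 symbols)")
    print(f"KDF unlock time 0.1 s -> 1 s: +{kdf_gain_bits(0.1, 1.0):.2f} bits")
    print(f"Sample 60-bit password:       {generate()}")
```
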

top 12 comments
[–] [email protected] 7 points 3 years ago (1 children)

Omg this is actually such good advice, I wish I read this before I started using one

[–] [email protected] 3 points 3 years ago

Especially 5, it's a really good point that I overlooked.

Well, here I go changing all my passwords again...

[–] [email protected] 6 points 3 years ago

best post on lemmy to this day

[–] [email protected] 5 points 3 years ago

In addition, to actually crack a password you need access to a hash. This means that you first need to have a website leak its database. But since you're already not reusing any password, the damage is already done. Since they have access to the password DB they likely already have all your data on the website, which means that the password won't give them access to any new info.

Note that it obviously isn't true for your master password.

[–] [email protected] 4 points 3 years ago

I plan to respond to this soon, with some in-depth explanations.

[–] [email protected] 4 points 3 years ago

That's why I use the battery-horse-staple-correct feature in 1Password xD

[–] [email protected] 3 points 3 years ago

Yes that makes a lot of sense. I wish more IT people thought this way.

If hackers can sometimes access your account, that's bad security. If you sometimes cannot access your account, that is also bad security. But many people forget that.

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago)

> The safest way to log into an account in a non-trusted device

Wouldn't the better policy be to practice device compartmentalization? I have the 'pleasure' of interacting with a non-trusted device about 40 hours a week, and I can tell you the number of personal logins I access from that compartment is none

People (even the technically inclined) place way too much value on cross-platform sync.

[–] [email protected] -1 points 3 years ago* (last edited 3 years ago)

Good stuff, people really do not understand IT security 101 is what I keep concluding every time. Every damn time. And that is how I make my guides that get in trend.