> I assume I'm reliant on how the password process is implemented per your post #42?
Correct.
The test I suggested in #42 only tells you if they seemingly care and are at least
trying. It is NOT a security audit.
Even if they do the on-line security correctly, it is still possible for them to screw up
the human side. Example: PayPal
Until VERY recently, it was possible to hijack a PayPal account by calling them on the
phone. The only info that PayPal required to do a full account reset/hijack:
- Name
- Last 4-digits of SSN
- Last 4-digits of your CC
Stoopid. Stoopid. Stoopid. Where were the adults when this was being conceived?
Another great way to determine if login/security is poor:
- Any website that can return your actual password is not hashing (salted) passwords and
is doing login/security HORRIBLY WRONG. Avoid.
re: Password managers
Many choices. Some good. Others; um, not. My biases:
Good password vaults:
- LastPass (my favorite)
- 1Password
- Strip Lite
- Safe Wallet
- mSecure
- DataVault
Not good enough:
- Trend Micro
- My Eyes Only Secure Password Manager
- Password Safe
- iPassSafe
- Keeper Password & Data Vault
- SplashID Safe
- Safe
- Safe Password
- Awesome Password Lite
- Password Lock Lite
- iSecure Lite
- Ultimate Password Manager
- Secret Folder Lite
Last edited by gfunkdave; Jan 25, 2016 at 7:31 pm
Reason: merged consecutive
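The point above about sites that can return your actual password, shown as an added example that is not part of the original post. The function names, record layout and PBKDF2 work factor are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example


def store_plaintext(password: str) -> dict:
    # What a site that can send your password back to you must be keeping.
    return {"scheme": "plaintext", "secret": password}


def store_salted_hash(password: str) -> dict:
    # Fresh random salt per account, then a slow one-way derivation.
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"scheme": "pbkdf2_sha256", "salt": salt.hex(), "secret": digest.hex()}


def check_login(attempt: str, record: dict) -> bool:
    # Login works in both schemes; only the stored material differs.
    if record["scheme"] == "plaintext":
        return hmac.compare_digest(attempt.encode(), record["secret"].encode())
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest.hex(), record["secret"])


def forgot_password(record: dict):
    # The "send me my password" feature is only possible for a reversible store.
    # A hashing site has nothing to send and has to offer a reset instead.
    if record["scheme"] == "plaintext":
        return record["secret"]
    return None


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    bad, good = store_plaintext(pw), store_salted_hash(pw)
    print("plaintext site can return:", forgot_password(bad))
    print("hashing site can return:  ", forgot_password(good))
    print("hashing site still logs you in:", check_login(pw, good))
    # Per-account salt: the same password never produces the same stored value.
    print("second account, same stored hash?",
          store_salted_hash(pw)["secret"] == good["secret"])
```
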