
thank you, perknh. Security is such a thorny issue in general, not many folks even want to discuss it. Like stepping off the edge of the continental shelf, off the eastern edge of the Atlantic coast, it gets very deep very quickly. I looked at/scanned
Kerckhoffs's principle- and I agree that an open-source pw manager is probably better than a proprietary one. I usually do not use much in the way of extensions in FF, I am also 'assuming' and trusting that FF has it basically covered.
I have respected Bruce Schneier for a long time and have found other good folks to listen to, but unless you are a full time security person, it is easy just to throw up your hands and just hope and pray. I do Simple things like: do not click on random links out of curiosity, stay updated, maybe re-install your OS once in a while,,,,,but I am not yet versed in the use of VPNs, the Tor browser, and stuff like that. As I say most of us find it painful even to think about.
If one follows the big news stories about Huawei, Cambridge Analytica, FB, etc., we probably face more threats just using mobile phones-which phone home (Huawei), FB (which mines and milks anything you post), and the big aggregator companies which collect personal info across a wide array of places until they know more about you than you know about you. Thanks for your input.