Re: Don't rely on a single password
I believe the reference is to you generating the password to your password locker.
There are ways to generate complex passwords that can be remembered. They're not as 'secure' as a random password, but it then comes to a question of how the hackers are getting your passwords: Are they shoulder surfing, are they brute forcing, or are they intercepting the password in transit?
Some years back there was a problem with heartbeat messages after a software upgrade forgot to validate the actual message length against the supplied length - a check bit error if you like. This meant you could send a heartbeat/keep-alive message of 'Dog', '100' and get the 96 characters following your heartbeat message returned (3 characters sent, message separator and the next message(s) that were received). This allowed 'hackers' to keep pinging compromised nodes on the internet to intercept login credentials, including passwords that were, at that point, unencrypted. This then allowed the hackers to get access to accounts and lock the owners out.
TLDR: Don't rely on one system for your security. Use layered systems, meaning if you use a password vault, have a separate one for other parts of the system (as an example). Oh, and if you can, monitor user behaviour: It's another layer that can expose hackers after they've gotten into your system. May not sound easy, but if a user has a habit of logging in and visiting El Reg (what else would they be doing first thing in the morning? Other than working, obviously) and today they log in, try getting into confidential files, get their password wrong twice and are looking through areas of your system they've never paid attention to before... best to go see what's going on. They might be trying to get client info before quitting their job, or it could be that a hacker's in and rummaging around.
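The missing length check described in the post above, as an added illustration that is not part of the original comment: the toy record layout (a 2-byte length header), the message separator and every sample message are constructed for this example, and the two handlers show the trusting version beside the one that rejects a mismatched length.

```python
# Toy model of the heartbeat bug the post describes: the responder trusts the
# length field the peer supplied instead of the length of the data that actually
# arrived. Added illustration, not code from the post; the record layout, the
# message separator and all sample messages are constructed for this example.
from typing import Optional, Tuple

SEP = b"\x00"  # constructed separator between messages in the receive buffer

def build_heartbeat(payload: bytes, claimed: Optional[int] = None) -> bytes:
    """Constructed wire format: 2-byte big-endian claimed length, then payload.
    A misbehaving peer can claim any length it likes."""
    length = len(payload) if claimed is None else claimed
    return length.to_bytes(2, "big") + payload

def parse_heartbeat(record: bytes) -> Tuple[int, bytes]:
    return int.from_bytes(record[:2], "big"), record[2:]

def respond_vulnerable(receive_buffer: bytes) -> bytes:
    """Echoes `claimed` bytes from the payload start with no check that they lie
    inside this heartbeat record, so the separator and whatever later messages
    sit behind it in the receive buffer are returned as well."""
    claimed, _ = parse_heartbeat(receive_buffer)
    return receive_buffer[2:2 + claimed]

def respond_fixed(receive_buffer: bytes, record_len: int) -> Optional[bytes]:
    """Hardened handler: the claimed length must equal the payload bytes that
    actually arrived in this record; anything else is discarded unanswered."""
    claimed, _ = parse_heartbeat(receive_buffer[:record_len])
    if claimed != record_len - 2:
        return None  # dropped: nothing outside the record can be echoed
    return receive_buffer[2:2 + claimed]

# Constructed receive buffer: the 'Dog'/100 heartbeat followed by other
# messages (a login, a file request) that happen to sit after it.
HEARTBEAT = build_heartbeat(b"Dog", claimed=100)
LATER_MESSAGES = SEP.join([
    b"login user=alice password=correct-horse-battery-staple",
    b"GET /confidential/q3-forecast.xlsx",
    b"session=abc123def456",
])
RECEIVE_BUFFER = HEARTBEAT + SEP + LATER_MESSAGES

def demo() -> Tuple[bytes, Optional[bytes]]:
    """Returns (what the buggy responder leaks, what the fixed one returns)."""
    return respond_vulnerable(RECEIVE_BUFFER), respond_fixed(RECEIVE_BUFFER, len(HEARTBEAT))

if __name__ == "__main__":
    leaked, safe = demo()
    print(f"vulnerable: {len(leaked)} bytes back, {len(leaked) - 4} beyond 'Dog' + separator")
    print("fixed:", "message dropped" if safe is None else safe)
```

Run as a script it reports 100 bytes echoed by the trusting handler (3 of payload, the separator, then 96 bytes of the following messages, the login line included) and a dropped message from the fixed one.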