True, though I would only amend this to say local password managers. In my mind cloud ones are just begging for a security nightmare from any leaks, which has already happened at least once I believe.

Even without fatigue, if someone creates an excellent password that is resistant or even immune to all known password attacks, there is little reason to have it changed especially if it risks the new password being less secure/resistant since most systems require a minimum difference from the old.

The phrase I used, "password fatigue". People, if forced to reset passwords regularly, can run out of ideas and "give up", making passwords that meet the requirements but may be worse than past examples.

Which is fair, password fatigue isn't given enough attention. In fact, I used to work for a very large company that sunset password expiration for this very reason and moved to a "only during a suspected breach" model.

It depends. My version though, and this will be backed up by cyber security teams I've worked with in IT, every breach is real until proven otherwise. If there's any risk your account information was leaked, due diligence first, verify source second.

Not to mention AI means it's still using data with dubious permission to do almost anything and including an unreasonable amount of data on you. There are other methods that work without requiring a disturbingly invasive fingerprint of your online habits running on a foundation of stolen data.

I believe she is yes!

Hai. :D

Hope you like birds!