i would also offer, do not use the same device for everything, make sure any local connectivity has firewalled [dot]finances, and [dot]tech lab from each other and else. you should probably split your network to further isolate.

use intentional spelling mistakes in your password vault, edit the password by hand. you also need to have some way of authenticating login components to be sure your running your version of login, and not a trojan login.