> How to recover from a "my env was compromised" situation
depends on the scope of the compromise, its an open ended question with lots of rabbit holes dependent on backups and other stuff.
but as others mentioned: logging out of all sessions is a good start from the <bank, ect> side... people should be logging out of sessions anyways when not logged on a particular sites webui.
we are at a fun time when browsers have too much access (and javascript <reminds me of Flash>) to the host system that they are themselves are the OS (its been this way for many years)... the bigger issue are the websites that dont auto logoff, that have really poor password compliance, and even worse encryption of their own systems. a compromised system also means your password vault is compromised too given that it is in the same env. a more complex solution would be to have your keepassdx on an internet-less system and your browser on another system where a user logs off explicitly, if not automatically). then syncing bookmarks and play-time and sites-ive-visited can be less of a 'my whole account session' got compromised
depends on the scope of the compromise, its an open ended question with lots of rabbit holes dependent on backups and other stuff.
but as others mentioned: logging out of all sessions is a good start from the <bank, ect> side... people should be logging out of sessions anyways when not logged on a particular sites webui.
we are at a fun time when browsers have too much access (and javascript <reminds me of Flash>) to the host system that they are themselves are the OS (its been this way for many years)... the bigger issue are the websites that dont auto logoff, that have really poor password compliance, and even worse encryption of their own systems. a compromised system also means your password vault is compromised too given that it is in the same env. a more complex solution would be to have your keepassdx on an internet-less system and your browser on another system where a user logs off explicitly, if not automatically). then syncing bookmarks and play-time and sites-ive-visited can be less of a 'my whole account session' got compromised