AJ Henderson As you correctly point out, just having a scheme to create randomness, plus a mentally-remembered 'horcrux' isn't 2FA. It serves only to keep full passwords from residing in one place. My widgets were specifically created for people who are techno-phobic, who in my experience were resistant to using any sort of software wallet solution -- at least it gets them to stop using the same password or a trivial variant thereof, across all their accounts... As always, defense-in-depth is important; each measure can serve to incrementally improve security.

This is good advice, and in fact I make and sell a line of offline password generator/recall rings, key fobs, bracelets and cards which help to do exactly this: https://www.tindie.com/stores/russtopia/ The advantage to these is that they are not software which can be hacked like password wallets, being completely offline.