Apparently it would take less than a second to crack your password with a script. Try it out here. Note: While I trust the site, I wouldn't put my real pass in there.
PSA for those who don't do this already: A good method for making a secure password is as follows. Use the first letters from a sentence you will remember, it is what I do! Example using that sentence (including punctuation): Utflfasywr,iiwId!
It would apparently take a single PC 6 quadrillion years to brute force. Remember, it's not a matter of if it can be cracked, it's a matter of how long it will take.
I don't dmenu, I just use pass from the command line with
    pass somepass | xclip -i && sleep 5; printf "" | xclip -i
But I've heard from many people that they are a really nice combination.
Maybe I should just add that to the dmenu scripts and start using it with dmenu.
Another nice thing about pass is that it lets you encrypt different subdirectories with different keys or multiple keys, so sharing a password database with coworkers is pretty easy.
He used a GeoIP tool. The absolute best GeoIP tools will get you within about 25 miles in the best case scenario, with about 85% accuracy (and that's only within the US, and you seem to be Canadian?). A 25+ mile radius is an enormous area, so you'll be fine. Frankly, your reddit history has more personally identifying data than your IP address.
In terms of protecting yourself, actually using a VPN would help? If you weren't using one, it's no surprise he didn't believe you - the provider who actually owns the IP is public information, and residential ISPs (like AT&T/Roger/etc) are usually different companies (or at least different divisions) from VPNs (HideMyAss/ExpressVPN, etc).
http://www.howtogeek.com/141953/how-to-encrypt-your-android-phone-and-why-you-might-want-to/
i'm not an android user, but my assumption is that this will encrypt the internal flash storage and any sd file system you would be using for storage. but i'll assume this doesn't play nicely OOB with windows/os x, so you might want to look into:
https://securityinabox.org/en/Cryptonite_main
which has mounting options available. i can't speak for the project, i haven't used it.
Take a look at the header on the email. There is usually an option in most mail clients to view the full header and that can give you a lot of information about where the email came from and what its path was to your current in-box. This link has instructions for various email clients.
We use KeePass with a key file - the backup person has the password, and director has the file. That way multiple people can play backup, but can’t get access unless approved.
A pure function taking a secret and a domain as input and returning a password as output is exactly the idea behind https://lesspass.com and similar services.
These services have the advantage of using a pure function that's very computationally expensive (search pbkdf2 or key stretching) compared to swapping a couple of letters, making it much harder to deduce the function without knowing the input secret.
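The idea in the comment above, as an added sketch (not LessPass's actual algorithm and not code from the thread): a pure function that stretches a master secret with PBKDF2 and binds the result to one domain. The `login` and `counter` inputs, the character set and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import string

# Assumed character classes; a real site may restrict the symbol set.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!#$%&*+-=?@_"]
ALPHABET = "".join(CLASSES)


def derive_password(master: str, domain: str, login: str = "",
                    counter: int = 1, length: int = 16,
                    iterations: int = 100_000) -> str:
    """Deterministically derive a site password; nothing is stored."""
    if not master or not domain:
        raise ValueError("master secret and domain are required")
    if not len(CLASSES) <= length <= 32:
        raise ValueError("length must be between 4 and 32")

    # The salt ties the output to one site/account/counter. Length prefixes
    # keep ("ab", "c") and ("a", "bc") from producing the same salt.
    parts = (domain.lower().encode(), login.encode(), str(counter).encode())
    salt = b"".join(len(p).to_bytes(2, "big") + p for p in parts)

    # Key stretching: each guess at the master secret costs `iterations`
    # HMAC-SHA256 rounds, unlike a cheap letter-swapping scheme.
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                              iterations, dklen=32)
    entropy = int.from_bytes(key, "big")

    # Consume the 256-bit value with divmod so no modulo bias builds up
    # from reusing bytes.
    chars = []
    for _ in range(length - len(CLASSES)):
        entropy, i = divmod(entropy, len(ALPHABET))
        chars.append(ALPHABET[i])

    # Guarantee one character from every class, at derived positions.
    for cls in CLASSES:
        entropy, i = divmod(entropy, len(cls))
        entropy, pos = divmod(entropy, len(chars) + 1)
        chars.insert(pos, cls[i])
    return "".join(chars)


if __name__ == "__main__":
    # Constructed inputs, not real credentials.
    print(derive_password("correct horse battery", "example.com", "alice"))
```

Incrementing `counter` yields a fresh password for the same site without changing the master secret, which is how a stateless scheme handles a forced rotation.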
FOSS, platform independent, and the best interface monitor I know of.
Problem is, it doesn't seem able to capture individual program connections. A few ideas for doing that can also be found here.