Nice article! Interesting note that it isn’t additional authentication, too - I wonder what the extra factor (something you have, in addition to something you know) is called then? Just two-factor decrypt?
Manually choosing your password
This is a pet peeve of mine, sorry, I can’t resist commenting on it, but I don’t want to distract from the tutorial, which is solid!
Even if you assume humans can pick strong passwords, humans will often try to be smart and think they chose a strong password. The beauty of a randomly generated password is that you can mathematically determine the entropy of a password, and thus how strong it is.
Will it realistically be a problem for most people? It can be argued that unless you’re an attractive target the answer is no. You don’t need to outrun the bear when people are still using “qwerty” as a password. But is a human-picked password objectively a strong password? Inherently, you can never be certain, but more often than not it is weak.
From Computerphile viewers using only the first letter of each word in song lyrics, to TV talk show hosts using a password scheme based on the service it is associated with, from someone on the Bitwarden forums thinking a passphrase is strong when actually it has an entropy of 17 bits, to Reddit users suggesting keyboard patterns, or even people here on the Privacy Guides forum suggesting emojis or repeating the password, these security pitfalls are really common and are all caused by people trying to be smart at picking their passwords. There are so many examples, you could write a whole article about it!
Of course, none of this matters when you post your password, which is how I’ll log in to Privacy Guides’ Super-Secret Super-Encrypted App while you’re distracted reading this nitpicky comment!
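The point made above about randomly generated passwords is that their entropy can be computed exactly from the size of the alphabet and the number of symbols drawn. The following is an added example (not part of the comment above or of the tutorial it replies to) that generates a password and a passphrase with the CSPRNG from Python's `secrets` module and reports the entropy of each scheme in bits; the word list is a constructed sample of 16 words, and the 7776-word count is the size of the EFF long word list, so the `compare_schemes` figures are illustrative of those alphabet sizes rather than measurements of any real generator.

```python
import math
import secrets
import string

# Constructed sample word list (16 words -> log2(16) = 4 bits per word).
# A real passphrase generator would use a large list such as the
# 7776-word EFF long list, which gives ~12.9 bits per word.
SAMPLE_WORDS = [
    "apple", "basket", "candle", "dragon", "engine", "forest", "garden", "harbor",
    "island", "jacket", "kettle", "lantern", "meadow", "needle", "orchard", "pepper",
]

# Full printable ASCII set (letters, digits, punctuation): 94 symbols.
FULL_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret made of `length` independent, uniform draws
    from an alphabet of `alphabet_size` symbols: length * log2(size)."""
    return length * math.log2(alphabet_size)


def generate_password(length: int = 16, alphabet: str = FULL_ALPHABET) -> str:
    """Uniform random password; secrets.choice uses the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words: list[str], count: int = 6, sep: str = "-") -> str:
    """Uniform random passphrase: each word is an independent draw from the list."""
    return sep.join(secrets.choice(words) for _ in range(count))


def compare_schemes() -> dict[str, float]:
    """Entropy (bits) of a few generator configurations, rounded to 0.01.
    Only the alphabet size and draw count matter, not the look of the result."""
    return {
        "16 chars, 94-symbol alphabet": round(entropy_bits(94, 16), 2),
        "6 words, 7776-word list": round(entropy_bits(7776, 6), 2),
        "6 words, 16-word sample list": round(entropy_bits(16, 6), 2),
    }


if __name__ == "__main__":
    pw = generate_password()
    pp = generate_passphrase(SAMPLE_WORDS)
    print(f"password:   {pw}  ({entropy_bits(len(FULL_ALPHABET), len(pw)):.1f} bits)")
    print(f"passphrase: {pp}  ({entropy_bits(len(SAMPLE_WORDS), 6):.1f} bits)")
    for name, bits in compare_schemes().items():
        print(f"{name}: {bits} bits")
```

Note that the entropy figure applies only when every symbol is drawn uniformly at random; a phrase a person composes from lyrics or a keyboard pattern is not a uniform draw, so its length says nothing about its strength, which is exactly the pitfall the comment describes.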