Privacy Guides
What does 2FA authenticator mean? Is it a vault to store your 2FA seeds?
Yeah, although using a password manager as a 2FA provider sort of negates the "2F" part.
Depends. I use 1Password and let it store all my 2FA, because my 1Password login is secured with another 2FA.
Yo dawg
Now imagine I would use a third 2FA app to store the second 2FA.
I think 2fa-in-your-password-manager is slightly better than not using it, since it requires that the attacker have access to your password vault, so it still protects against cases where just your password leaked somehow, but yeah, definitely not as good as full 2fa.
I disagree. 2FA also protects against a breach/leak of the site. If your password is leaked or stored insecurely, then the 2FA still helps.
But to add to that as well: If the site has stored your password insecurely, they will probably have lost your 2FA secret too. Which even has to be stored in 'plain text' in contrast to your password.
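The storage asymmetry raised in the comment above, as an added example that is not part of any comment in this thread: the password is kept only as a salted one-way hash, while a TOTP verifier (RFC 6238) has to keep the shared secret in recoverable form to recompute each code. The record layout and function names are hypothetical, and PBKDF2 is an assumed choice of password hash.

```python
import hashlib
import hmac
import os
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1). The raw secret is an input: it cannot be hashed away."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """One-way: the server can verify a password without being able to recover it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_record(password: str, totp_secret: bytes) -> dict:
    """Hypothetical server-side user record."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "pw_hash": hash_password(password, salt),  # not reversible
        "totp_secret": totp_secret,                # must stay recoverable
    }

def verify_login(record: dict, password: str, code: str, unix_time: int) -> bool:
    pw_ok = hmac.compare_digest(hash_password(password, record["salt"]), record["pw_hash"])
    code_ok = hmac.compare_digest(totp(record["totp_secret"], unix_time), code)
    return pw_ok and code_ok

def second_factor_from_record(record: dict, unix_time: int) -> str:
    """Whoever holds the stored record can compute the current code without the password."""
    return totp(record["totp_secret"], unix_time)

if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 Appendix B test secret, not a real credential
    rec = make_record("correct horse", secret)  # constructed sample password
    print(verify_login(rec, "correct horse", totp(secret, 59), 59))
    print(second_factor_from_record(rec, 59))
```

A server can encrypt the secret at rest, but it still needs the decryption key at verification time, so the secret remains recoverable in a way a password hash is not.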
As per the video they released https://youtu.be/M8doASpFbuk it allows you to immediately enter the 2FA account... Oh man. As @noodlejetski said, this very much negates the whole point of 2FA.
I really like protonmail and have been a paying user for years now. But nothing beyond calendar and mail has really made a lot of sense to me so far. I'll stick to my KeePass container, syncing that across my devices. It's easy to manage and I don't need to trust anyone else with that data ever in no way, shape or form.
Not fully accurate. The 2FA still prevents issues such as credential stuffing or brute-forcing, which might not depend on you. Of course, these risks are very limited if you use random unique passwords (as it makes sense since you are using a password manager).
Also 2FA is anyway there for the password manager, and if you have a session on, chances are the same applies for the target app (for example, your email). So it's not completely useless.
This said, I agree with the general principle. I personally use YubiKeys where I can, including to store the TOTP codes (I never liked the phone being the 2FA device that much...)
Yeah, that's what I said one line after. However there are also other corner cases (very unlikely) such as shoulder diving or a video recording, or people simply not using random unique passwords (for example because they chose the password before and they don't want to rotate it). In general I agree with the principle that it is not 2FA if it's all in one place, but it's also quite a corner case that the password manager is pwned alone (i.e., and not the target services), and in any case it's not like not having 2FA at all.