this post was submitted on 30 Jun 2023
19 points (100.0% liked)

Technology

42 readers
1 users here now

Computers, phones, AI, whatever

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
19
Proton launches open-source password manager (proton.me)
submitted 1 year ago by [email protected] to c/[email protected]
12 comments fedilink hide all child comments
 

One of the features seems to be a "hide my email" feature, akin to Apple's hide my email or Fastmail's masked email feature.

Having used both of those, I would say one downside is that occasionally, a site will detect that I used the Apple one, which is strange because it's just an iCloud email address. Perhaps they're looking for a specific pattern.

I haven't yet seen the Fastmail one blocked.

One concern with the Proton one is that it seems like its masked emails are all at passmail.com. I've already found some sites block protonmail, so they'll surely block passmail like they do Mailinator and other sites. That could be a limitation that's less likely to affect Fastmail's service.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago (1 children)

I like BitWarden, but I'm not 100% sold on cloud-based solutions. The encryption is probably fine, but is the whole payload? Also, I'm torn between "big" and "small" password managers.

A small one is less likely to be targeted. A big one will probably have more security infrastructure/employees.

One bummer with BitWarden is that the UI just isn't very good. For example, you can't select more than one item in the desktop electron app.

[–] [email protected] 2 points 1 year ago (1 children)

I agree that the bitwarden UI isn't very good on the desktop app and in the browser extension. I don't even use the desktop app at all anymore. One positive for protonpass is that the ui is looking pretty streamlined and it feels fast. I think for just the endless regular internet accounts either is fine.

It's a fair point about small vs. big. I mean security by obscurity doesn't really seem like a strong point for small, but who knows. I think higher value targets will always end up using the bigger ones anyway.

Important stuff (banking/development secrets) maybe use something like gpg based and offline like https://wiki.archlinux.org/title/Pass or the Qt frontend https://qtpass.org/.

[–] [email protected] 2 points 1 year ago

If only banks had meaningful security themselves.

Ultimately I'm less worried about banks, because all of that stuff can be reversed. Banking is almost designed with the idea that you'll be compromised.

I'm more worried about losing all my important files.