- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
You must log in or register to comment.
Proton Pass already has this built in, is there any difference or is this just a standalone version?
It has some extra features, for example you can use it without an account
I see Bitwarden didn’t make the comparison. Almost certainly because it also checks those boxes.
I’m a Proton guy, but even I have limits on how many eggs I put in the same basket.
I tested migrating Bitwarden to Proton, but there were some incompatibilities, and I didn’t trust it not to mess something up. If I was starting from scratch, maybe I’d use Proton for passwords. Bitwarden does the job though, and it’s way cheaper.
As does Ente Auth. But really, how many apps do you expect them to list here? They’ve listed what are by far the most popular ones.
BitWarden isn’t an authentication app. It’s a whole password/login manager.
If that’s you’re comparison, you want Proton Pass, not Proton Authenticator.Bitwarden does have a standalone authenticator now.
I didn’t know that.
Well then yah. Probably because it also checks all the boxes tooI thought they only did 2FA in the password manager and only if you had the paid version. I’ll look into their stand-alone app.
Mmm fair.
I don’t really get the “all eggs in one basket” problem with Proton Pass / Proton Auth.
Am I wrong in thinking that it depends on the specific service?
Some services are very hard to migrate and have a lot of vendor lock-in. For example, your e-mail address (if not using a custom domain) cannot be changed overnight, and it will probably take years to move everything over. Think carefully about where you put your e-mail!
I understand that cloud storage, especially when using non-standard formats for online collaboration, such as GSuite or Proton Docs, is also hard to move to a different provider. When choosing such an option, think carefully of how hard it will be to migrate away. Have a plan.
But switching between Bitwarden and Proton Pass is at most an hour of work. How is that problematic? Both apps store data locally so they continue to work when the provider’s servers are offline.
Yes, Bitwarden has a self-host option with Vaultwarden, Proton Pass does not. So if you want to start using that, just export from Proton Pass and Proton Auth, import to Vaultwarden, sign in on your devices, and done. I don’t see the problem of using Proton Pass.
Up voted you because you’re asking valid questions and you are prompting people to give you and others solid advice, and thus you deserve visibility, as well as the answers given to your questions.
I hate it when people down vote valid and interesting questions. It’s so stupid.
Thank you. I know most people agree and I’m missing something so my explanation of my current POV is basically me asking to be corrected on this.
Was a bit disappointed with the downvotes but I could have seen it coming when explaining my unpopular position.
Thank you for your understanding and for promoting dialogue
promoting dialogue
You get it. Promoting dialogue. Very good way of putting it. 🫶
Am I wrong in thinking that it depends on the specific service?
Yes. The concern is that if your account for your password manager is compromised, your passwords and 2FA tokens are both compromised. Whereas if you kept your 2FA in a different account, only your passwords are compromised. All services work this way. Proton has suggested creating a second account for your 2FA codes, even though it violates their own ToS.
For example, your e-mail address (if not using a custom domain) cannot be changed overnight, and it will probably take years to move everything over. Think carefully about where you put your e-mail!
That’s why I tell everyone I know to get their own domain. Not just for email, but for a variety of things. If nothing else, I run a Linkstack that has all of my personal information, so when people ask me for it, I send them there, and let them contact me however they wish. I’ve actually managed to get it to the top of the Google search results somehow so people can just Google me and easily find it as well. It grants you a whole lot of autonomy over your digital identity.
Changing your email host is just a matter of a simple DNS config change. When I changed from Google it was indeed a nightmare. Several companies I realized don’t even have mechanisms to change your email address because it is actually your identity in their system. I had to delete my account and open a new one. They had no other mechanism. Which is absurd. Other companies would send some things to my new email and other (important) things would continue to be sent to my old email, for reasons no one would explain to me. They are simply not technologically equipped to handle this sort of change. All in all it took about a year before I was comfortable deleting my Google account.
Thank you for your reply!
I understand the concern of having 2FA and Password vault under 1 account. This creates a single factor to access everything and is indeed a security risk.
I should have been clearer, but what I meant is: “Why is the use of Proton Pass considered problematic, with the reason ‘dont put all eggs in one basket’?”
I just realized it’s because of the same thing: mail is used as MFA too.
Proton Pass specifically, is not problematic. The problematic part is just having both passwords and TOTP keys in the same vault (basket).
I don’t really get the “all eggs in one basket”
I think the argument is that if at some point Proton services get compromised, or if Proton somehow turn into the bad guys, then using fewer of their services will impact you less or give you more time to react. The same goes for any other vendor, of course, which is why the way you address this is by spreading your trust across different services/regions/owners/…
They have already one collaborated with courts to provide access to emails of an activist which helped the French state to convict them.
I think it’s entirely illogical. Likely, they were burned before, and cautious about using anything under one name ever again, even though the circumstances are slightly but substantially different in Proton vs (for example) Google.
If by not using proton you’ll have to switch services less, or it’ll somehow make switching services easier in the future, sure. But I don’t see any reason to believe that
What if I’m fine with ads but not tracking, or vice versa? Why combine them like that? I guess it’s easier to put a no-pass on the others if there’re more attributes in one row.
Because virtually all ads involve some kind of tracking.
Makes sense. 👍
Dont set all your money on one horse, Proton is nice without question, but the more services you use with them the more of a hassle it becomes to change again when they start to enshittificate.
I use Aegis for what its worth, also open source and does everything i need it to do
I personnally use mail, vpn and simple login. And that’s already a lot, as getting rid of simplelogin would be a pain in the ass.
And I would use standard notes if it was included in the plan. But no, nooooooo, a bitcoin wallet (wtf) and a paying duck.ai clone IS WHAT OUR USERS DESPERATELY NEED.
The Bitcoin wallet do have some uses, and the chatbot is not really useful, for sure. But if they like to experiment, let them have their fun. 😅
I use both Aegis and Proton Pass (since 2FA codes can live in Proton Pass) and share the keys between them. That way I’m not reliant on only one service, but I’m able to benefit from the convenience of Proton and also prevent lockout in case my mobile device dies
Aegis is great. It just works and it’s reliable. No reason to switch in my opinion. Even though, unlike most other “authenticators”, the app provides easy ways to export your secrets to another app if you wanted.
2FAS on iOS is nice
id rather use euro open source than noneuro open source
It would be nice to have proton drive integration in linux. I guess it’s a matter of priorities.
Their Luma LLM is coding the proton drive integration for linux as we speak…
exagerated (i cant spell) a bit, but probably true in the next months
You can mount your proton drive to linux, there is guides out there
2 words I want you to keep in mind:
- Entranchment
- Enshittification
I purposely do not use the whole Proton suite for those reasons. It would be quite bad if one is entranched by their whole suite if they went on the enshittification route, which large companies eventually tend to do.
Everything in Proton is
- Open source
- Portable
Then please do link me the source code of their email protocol.
FairEmail’s FAQ is the 1st thing that popped up on Github when searching for “proton”, mentioning that it’s proprietary:
https://github.com/M66B/FairEmail/blob/master/FAQ.md#faq129All the Proton software which you can install is open source. It makes sense to have some internal software not revealed.
…you mean SMTP?
No, I mean their email server + protocol.
The thing you’d use to self-host a proton mail email server.What you linked is the source to the client,
which interacts with the proprietary server code to fetch your mail from them.If you can’t self-host / switch to a different server if they enshittify due to being closed source, then it’s not “open source” nor “portable”
If you can’t self-host / switch to a different server if they enshittify due to being closed source, then it’s not “open source” nor “portable”
That’s…just wrong.
That’s not what open source means.
You can export everything and anything. And if you use your own domain you can take that with you as well.
Sure the client is open source,
server code is closed source.So if proton enshittifies or ceizes to exist,
the open source clients will be useless,
since you or someone else can’t host the server, since that is closed source.But whatever man, good for you if you like them and want to remain oblivious of the risks! c:
since you or someone else can’t host the server, since that is closed source
You don’t need to host the server, you just move your domain to a different provider. It’s nothing more than a 3 minute DNS config change.
Normally I use Aegis on my Android, paired with Authy on my iPad and work-issued iPhone as a backup of sorts (Aegis config is also backed up to multiple devices via Syncthing), but this seems like it would be more promising as a backup 2FA method instead of Authy.
Ente looks promising. Thanks for the tip!
Ente is headquartered in the US, no thanks
Eugh… Thanks for the heads-up 😂
Does it support sync across devices? It isn’t mentioned on the product page. I use Authy for sync.
It does, if you use your Proton account.
But then don’t use it for the 2FA for the Proton account itself!
They thought of that. The account is only used for syncing.
You can access it with a different password, or even no password if you like.
Did they fire Andy yet?
and why?
ah, interesting thx. well idk yet, its not so black and white probably.
After doubling down and getting another backlash they left mastodon and now only post on Reddit and Twitter…
That’s not a good look
not nice, a few days ago i searched them there but now i know why i cant find them. :/
but also mastodon is a pretty funny place, atleast on reddit and twitter are more normis. so i get why they left xD
The people on mastodon have been some of the nicest I’ve met on the internet.
Twitter and Reddit are nothing but corporate propaganda and bots.
Mastodon HAS absolutely nice people, granted, perhaps even the majority… but also a fuckton of full on delusional extreme left nutjob pony cosplayers who think everyone MUST obey THEIR HIGHER MORAL STANDARD or be an insufferable Nazi bigot.
