I’ve recently started moving parts of my online services to #proton.
Technically my #subscription includes access to their #password #manager but I don’t use it.

I am wary of joining my password manager together with my #email on the same service. That seems like a single point of failure to me.

May I please #askfedi and #infosec folks to chime in on how they think about this?

#pleaseboost

@NHBoehm Proton has their own answer to this, and it's interesting (if I remember the gist of it correctly). Basically anyone owning your email is just as bad as anyone owning your password manager. Thus, having two different providers rather than one doubles the risk that the infrastructure can be broken into.

I've moved over to using Proton Pass, but I do not use it for MFA.

@NHBoehm I do the same, just out of precaution. I am also wary of putting too many eggs in the proverbial basket.