I’m using Proton services and now the Pass password manager as well. I never let any managers save my bank data, such as credit cards or login credentials, being sort of afraid to.

Is this concern still valid when using a manager like Proton Pass that has e2e encryption? What’s your opinion on holding bank data in managers like this?

  • ddnomad@infosec.pub
    1 year ago

    For MFA apps, Google Authenticator seems to be the norm.

    I personally use OTPAuth with sync disabled and regular backups. Mostly because it is easier to organise and back up.

    Regarding hardware security keys as part of MFA, you can either get yourself dual USB-C / Lightning or USB-C / USB-A keys from YubiKey. Then just buy a USB-A to USB-C dongle (or vice versa) and keep it on your key chain. That’s mostly what I do, not ideal but does the job.

    I also use OnlyKey for some passwords, especially encryption passphrases on some servers and laptops. I usually need to enter them on boot, and it just takes too long to do that manually and I’m lazy.