So I kind of have a crisis on what to use for convenience but at the same time not completely destroy the security standards. I don’t pay for any of the services in my setup.
Previously I was using:
Bitwarden for password manager stuff
Aegis for 2FA
SimpleLogin for my aliasing needs.
I don’t store my backup codes anywhere except my own phone
That was mostly enough for me, but I can’t get over it considering that my setup is very fragmented towards a lot of services. So I took a different approach.
Currently, I think that the setup is very tiring and also very risky (considering I barely do backups) so I considered having my main focus on one ecosystem while having another ecosystem so that I don’t have to trust a lot of parties.
My current setup is:
Proton Pass for password manager stuff and email aliasing needs
Proton Drive for storing the backup codes
Ente Auth for 2FA
However, this setup just basically screams “Putting your eggs in one basket” and also the fact that there is only a single factor needed to destroy everything everywhere all at once.
Just a quick recap, I want to strive for convenience while also having high layered-security standards. (or whatever you call it, I guess.)
So… I need help on how I could compartmentalize my authentication stuff (or add more factors) to access all of my accounts.
I think there’s a fairly simple fix to keep your 2FA OTP seeds in a separate basket from Proton.
Use two separate passwords for Proton and Ente.
Don’t use Ente offline, ensure it’s backed up to their cloud.
Optional but strongly recommended: Create an encrypted export of Ente and Proton Pass (encrypted with their respective passwords) to store on other devices like laptops, phones, and flash drives. Ideally keep at least one encrypted copy of your Ente and Proton Pass databases in an off-site offline backup.
Optional: Keep an encrypted export of Ente stored in Proton Drive for further redundancy. (Just know that if you need to access it and Proton requires a 2FA code from Ente, you can only access the database backup if you were already logged in to Proton or if you have a passkey instead.)
Delete the “plaintext” backup codes from Proton Drive.
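The circular-lockout caveat above (an Ente export kept only in Proton Drive while Proton itself wants an Ente code) and the "one factor destroys everything" worry can be checked mechanically. The script below is an added example, not code from the thread or from Proton/Ente; the asset names and requirement sets are assumptions that model the setup the reply describes, and it reports which held items are single points of failure and which holdings lead to a lockout.

```python
# Constructed model of the recovery dependencies in the thread's setup
# (an assumption for illustration, not anyone's real configuration).
# Each asset maps to alternative requirement sets; holding every item of
# any one set unlocks that asset.
SETUP = {
    # Proton login: password plus a TOTP code from Ente Auth, or a passkey.
    "proton_account": [{"proton_password", "ente_auth"},
                       {"proton_password", "passkey"}],
    # Proton Pass and Proton Drive sit behind the same Proton login.
    "proton_pass": [{"proton_account"}],
    "proton_drive": [{"proton_account"}],
    # Ente Auth: its own password plus any one copy of the seed database.
    "ente_auth": [{"ente_password", "ente_cloud"},
                  {"ente_password", "ente_export_offline"},
                  {"ente_password", "ente_export_in_proton_drive"}],
    # The Drive-hosted export is only readable once Drive is open.
    "ente_export_in_proton_drive": [{"proton_drive"}],
}


def reachable(setup, held):
    """Fixpoint: keep unlocking assets whose requirement set is satisfied."""
    have = set(held)
    changed = True
    while changed:
        changed = False
        for asset, options in setup.items():
            if asset not in have and any(opt <= have for opt in options):
                have.add(asset)
                changed = True
    return have


def single_points_of_failure(setup, held, goal):
    """Held items whose loss on its own makes `goal` unreachable."""
    held = set(held)
    return sorted(h for h in held if goal not in reachable(setup, held - {h}))


if __name__ == "__main__":
    # Reply's advice in full: separate passwords, cloud sync AND an offline export.
    good = {"proton_password", "ente_password", "ente_cloud", "ente_export_offline"}
    print("SPOF with offline export:", single_points_of_failure(SETUP, good, "proton_pass"))
    # Drop the offline export: losing Ente's cloud copy now locks you out,
    # because the only remaining Ente copy is behind a Proton login that needs Ente.
    print("SPOF without it:", single_points_of_failure(SETUP, good - {"ente_export_offline"}, "proton_pass"))
    # The caveat scenario: only passwords left. Nothing unlocks; a passkey breaks the cycle.
    print("locked out:", "proton_pass" not in reachable(SETUP, {"proton_password", "ente_password"}))
    print("passkey rescues:", "ente_auth" in reachable(SETUP, {"proton_password", "ente_password", "passkey"}))
```

The two passwords always show up as single points of failure; that is the intended residual risk of the reply's design, whereas `ente_cloud` appearing means the setup still depends on one vendor's copy.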
Awesome! When you have time I strongly recommend making some offline encrypted exports to at least one other device like a flash drive. While it’s very unlikely, it’s still possible to lose your data even with Proton/Ente cloud backups. Since our whole lives are in our password/2FA databases it’s a good idea to not take a chance and keep your own backups offline.