Proton Pass (Password manager)

We wouldn’t be removing it unless there was something wrong with it. After all, it is the only option with self-hosting capability.

As for storing TOTP codes in a hosted password manager, it’s not ideal because it’s really reducing security to one thing - authentication to your password manager. Also we wouldn’t suggest storing once-use “backup codes” in there either.

For once-use backup codes, I don’t store these on my devices. Something like a LUKS/VeraCrypt container on a few USB sticks or backed up offsite is enough. You could even attach the LUKS container to your password manager and that would not reach the filesize limit; after all, the backup codes are only text files and there is no reason the container couldn’t be 50MB. That way, even if access to your password manager was gained, the encrypted file would still require a separate password. Obviously don’t store that password in Bitwarden, if you do that.

For convenience, however, I can see the reason why people might just use a password manager for storing TOTP codes. If you’re going to do that, I would think about the value of such codes; for example, I would not store domain/email TOTP secrets in a password manager. It would be totally reasonable to have Aegis with those two things in it, while storing other less valuable TOTP codes in Bitwarden. The exported Aegis JSON file could be added to your LUKS container, however, for backup. Another good thing to add there would be your LUKS volume headers.

TOTP codes are not the strongest way to do MFA because they rely on a shared secret. FIDO-based security such as using a security key is always the better approach because it provides attestation and doesn’t require the service to hold any private secrets; that makes it the “best” security.

5 Likes
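To make the shared-secret point in the post above concrete, here is an added example (not written by any poster, and not code from Proton Pass, Bitwarden or Aegis) that computes RFC 6238 TOTP codes and shows that the authenticator app, the service, and any copy of the stored entry all derive the same code. The `otpauth://` URI is a constructed sample built from the RFC 6238 test key, and the names `secret_from_uri`, `verify` and `demo` are hypothetical.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the RFC 6238 test key, as an authenticator entry would store it.
SAMPLE_URI = ("otpauth://totp/Example:alice?issuer=Example"
              "&secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")


def secret_from_uri(uri: str) -> bytes:
    """Extract and base32-decode the shared secret from an otpauth:// URI."""
    b32 = parse_qs(urlsplit(uri).query)["secret"][0].upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 (dynamic truncation from RFC 4226)."""
    counter = struct.pack(">Q", max(unix_time, 0) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int,
           window: int = 1, step: int = 30) -> bool:
    """Service-side check: recompute from the same stored secret, +/- window steps."""
    candidates = (totp(secret, unix_time + d * step, len(submitted), step)
                  for d in range(-window, window + 1))
    # Evaluate every candidate; compare_digest avoids a timing side channel.
    return any([hmac.compare_digest(c, submitted) for c in candidates])


def demo(now: int = 59) -> dict:
    """Three holders of one secret: the app, the service, and a copied vault entry."""
    app_secret = secret_from_uri(SAMPLE_URI)
    service_secret = b"12345678901234567890"      # what the service keeps
    vault_copy = secret_from_uri(SAMPLE_URI)      # e.g. an exported vault item
    return {
        "app": totp(app_secret, now),
        "vault_copy": totp(vault_copy, now),
        "service_accepts_copy": verify(service_secret, totp(vault_copy, now), now),
    }


if __name__ == "__main__":
    print(demo())
```

With a FIDO security key the service stores only a public key, so there is no equivalent value on the service side that reproduces the login.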

I don’t know why this is seemingly impossible to find out, but I want to know if you link a paid Proton Pass account—not Unlimited/Business/Visionary, just the standalone Pass subscription—to a free SimpleLogin account, does it upgrade that SimpleLogin account to Premium status?

If anyone has tested this and knows for sure, please let me know.

The mail addresses generated end in @passinbox.com.

2 Likes

But the generated passinbox address already appears in Simplelogin.

When I look in SimpleLogin in the PGP settings it says: This feature is only available in premium plan.
Despite the fact that I have Proton Plus.

Proton Mail Plus or Proton Pass Plus? Mail Plus does not come with SimpleLogin. I’m trying to figure out if Pass Plus unlocks SimpleLogin Premium features.

Only Pass Plus.

I can manage the aliases in SimpleLogin that I generated in Proton Pass. But I do not have access to SimpleLogin Premium features.

3 Likes

Tried the Proton Pass app and extension as an Unlimited user. The extension version is nicer than Bitwarden for sure, it detects some websites’ login fields better, also offers a nice looking drop-down menu.

The app version however… is a bit lacking. One thing that always bugged me was the incomplete autofill implementation in password manager apps on Android. Bitwarden got it right for both Firefox and Chrome(ium). For Proton Pass, it has some issues for usernames in Brave. Works for Firefox and Vivaldi though.

It is also mildly annoying the vault can only be managed from the extension and the app, visiting pass from the web just shows you the settings page.

2 Likes

I’m not really sure if I want to use it, but I’m tempted to pay the promotional price of $12 per year for the premium service. I quite liked the aesthetics, but I don’t use Proton’s email service much, so I wouldn’t use the hide-my-email system as often.

Generally, I use Bitwarden, and I like that you can paste the API key for the DDG hide-email service, but I have my doubts about this Proton service.

1 Like

God forbid they make some money. It’s $10 a year. :roll_eyes:

10 Likes

Anybody know if the Proton Plus subscription would include family accounts and sharing when those features launch?

1 Like

Interesting. What do you think about it?

https://reddit.adminforge.de/r/ProtonPass/comments/14uva6i/found_all_passwords_urls_and_usernames_in_memory/

3 Likes

That is quite bad. I was also surprised Proton doesn’t let you use WebAuthn FIDO2 like Bitwarden does.

But all Proton apps that come out of beta are still beta for at least a year.

The calendar app they have for Android is pretty much broken for an entire month already.

2 Likes

Oh, what’s broken in calendar? Works perfectly fine here.

On my Pixel 7 Pro it constantly crashes when loading on startup of the app. Reinstall makes it work again for about half a day and then it’s crashing again. I assume it is something to do with the search feature and the local db being full but no way to assess that.

Hmm, cannot reproduce on a Pixel 6 Pro with GrapheneOS.

1 Like

I might have more appointments than you have; that is not unlikely. But at least something is broken.

I can confirm this is accurate. Unlimited aliases can only be generated from inside the password manager.

GOS on P7P, Calendar also never crashed for me.

Have a lot of appointments myself, using GOS on a Pixel 7A. No issues.

Issue has been confirmed by the Proton team so you can all stop saying this. It has to do with the search feature and a solution is being worked on.

3 Likes