this post was submitted on 16 Aug 2023
19 points (100.0% liked)

Proton

5222 readers
35 users here now

Empowering you to choose a better internet where privacy is the default. Protect yourself online with Proton Mail, Proton VPN, Proton Calendar, Proton Drive. Proton Pass and SimpleLogin.

Proton Mail is the world's largest secure email provider. Swiss, end-to-end encrypted, private, and free.

Proton VPN is the world’s only open-source, publicly audited, unlimited and free VPN. Swiss-based, no-ads, and no-logs.

Proton Calendar is the world's first end-to-end encrypted calendar that allows you to keep your life private.

Proton Drive is a free end-to-end encrypted cloud storage that allows you to securely backup and share your files. It's open source, publicly audited, and Swiss-based.

Proton Pass Proton Pass is a free and open-source password manager which brings a higher level of security with rigorous end-to-end encryption of all data (including usernames, URLs, notes, and more) and email alias support.

SimpleLogin lets you send and receive emails anonymously via easily-generated unique email aliases.

founded 1 year ago
MODERATORS
 

I’m using proton services and now the Pass password manager as well. I never let any managers save my bank data such as credit cards or login credentials being sort of afraid to.

Is this concern still valid? when using a manager like Proton Pass that has e2e encryption? what’s your opinion on holding bank data in managers like this?

you are viewing a single comment's thread
view the rest of the comments
[–] ddnomad@infosec.pub 1 points 1 year ago

I agree with you on most of the points. Some security is better than nothing. More security is better than less, layers and all.

Regarding data breaches and malware, and threat models in general. We should not forget phishing too. People voluntarily entering their credentials on a website masquerading as their bank etc.

With all of that, having your credentials split over multiple applications and devices actually saves you from an endpoint compromise and evil maid attacks, at least in a sense of limiting the fallout.

Regarding VeraCrypt and “FREE”. While it is, again, better than nothing, VeraCrypt is fiddly, not always works consistently on all operating systems (I look at you, MacOS), and is susceptible to key logging. I prefer actual certified hardware with physical keypads instead. It is not free and has its own downsides, but it is just something I find more appealing.