Big fan of Bitwarden, albeit you are putting a single point of failure on all of your secure info.
I'd love to know what others do to maximise both convenience and security.
For two-factor authentication, I wouldn't use the same service for both layers. Seems daft to use Bitwarden as both the password keeper and the TOTP provider. Not sure if that's a cryptographically coherent view, but hey.
> albeit you are putting a single point of failure on all of your secure info.
Depends on what failure mode you're talking about.
If you mean "I won't be able to access things when their service is down", that's not entirely accurate, because the database is synced to clients, so you just can't connect a new client or add/update entries, but existing entries are accessible.
If you mean "everything will be compromised if their service is hacked", that's not quite accurate either, because the encryption key to the database isn't stored on their servers (things are only ever decrypted on the client).
If you mean "any compromise is all/nothing", this is kind of true, but can be mitigated by keeping separate vaults, so that your most sensitive items are not kept with the ones you need routinely.
Or maybe you're thinking of some other failure mode ...
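The "nothing is decrypted on their servers" model described above, as an added example that is not Bitwarden's code: a client derives the vault key from the master password, sends the server only a one-way hash of that key as its login credential, and uploads ciphertext. The iteration count, the salt choice (the e-mail address) and the HMAC-based toy cipher standing in for an AEAD such as AES-GCM are assumptions made for this example, not any product's real parameters. The `VaultServer` class models what an attacker with full server access would obtain.

```python
"""Illustrative client-side-encrypted vault (added example, not Bitwarden's code)."""
import hashlib
import hmac
import json
import os

PBKDF2_ITERATIONS = 100_000  # assumption for this example; real products tune this


def derive_master_key(master_password: str, email: str) -> bytes:
    # Runs only on the client; the result never leaves the device.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               email.lower().encode(), PBKDF2_ITERATIONS)


def derive_auth_hash(master_key: bytes, master_password: str) -> bytes:
    # The login credential sent to the server: one more one-way step, so the
    # server can check it but cannot work back to the key that decrypts the vault.
    return hashlib.pbkdf2_hmac("sha256", master_key, master_password.encode(), 1)


def _subkey(master_key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the master key.
    return hmac.new(master_key, label, hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stand-in for an AEAD: HMAC-SHA256 used as a counter-mode keystream.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_vault(master_key: bytes, entries: dict) -> dict:
    nonce = os.urandom(16)
    ciphertext = _keystream_xor(_subkey(master_key, b"enc"), nonce, json.dumps(entries).encode())
    tag = hmac.new(_subkey(master_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ciphertext": ciphertext.hex(), "tag": tag.hex()}


def decrypt_vault(master_key: bytes, blob: dict) -> dict:
    nonce, ciphertext = bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["ciphertext"])
    expected = hmac.new(_subkey(master_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(blob["tag"])):
        raise ValueError("wrong key or tampered vault")
    return json.loads(_keystream_xor(_subkey(master_key, b"enc"), nonce, ciphertext))


class VaultServer:
    """Everything the service ever stores: auth hash and ciphertext, no key."""

    def __init__(self):
        self.accounts = {}

    def register(self, email: str, auth_hash: bytes, blob: dict) -> None:
        self.accounts[email] = {"auth_hash": auth_hash, "blob": blob}

    def login(self, email: str, auth_hash: bytes):
        acct = self.accounts.get(email)
        if acct and hmac.compare_digest(acct["auth_hash"], auth_hash):
            return acct["blob"]  # synced to the client, decrypted there
        return None

    def full_dump(self) -> str:
        # What a complete server compromise yields, serialised for inspection.
        return json.dumps({e: {"auth_hash": a["auth_hash"].hex(), "blob": a["blob"]}
                           for e, a in self.accounts.items()})


def server_dump_contains_key(server: VaultServer, master_key: bytes) -> bool:
    # Sanity check for the thread's claim: the decryption key is not on the server.
    return master_key.hex() in server.full_dump()


def demo() -> dict:
    # Constructed sample data, not real credentials.
    email, password = "user@example.com", "correct horse battery staple"
    key = derive_master_key(password, email)
    server = VaultServer()
    server.register(email, derive_auth_hash(key, password), encrypt_vault(key, {"bank": "s3cret"}))
    blob = server.login(email, derive_auth_hash(key, password))
    return decrypt_vault(key, blob)


if __name__ == "__main__":
    print(demo())
```

The two caveats in the thread map onto the code directly: without the server you cannot `login()` to fetch a fresh blob, but a blob already synced decrypts fine; and a stolen `full_dump()` gives an attacker only hashes and ciphertext to brute-force, which is why the master password's strength and the KDF cost are what stand between the dump and the vault.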
Perhaps it's just an aversion to having all your eggs in one basket. I am experiencing that with Proton, atm, after having spent a year De-Googling my life and moving my mail, drive, calendar and VPN to their drop-in replacement for the same Google products. Lo and behold, the CEO has to go and share views I not only disagree with but also find dangerously aligned with people that are very much enemies of privacy and protection of PII.
The problem with buying into one entity for a bunch of these services is they eventually find a way to sour their mission or worse, bend the knee to those that seek to exploit us, leaving you with the increasingly arduous task of migrating to another competitive service.
Luckily with Proton, it is incredibly easy to export everything and delete everything, unlike Google which makes it extremely difficult to delete things (notwithstanding the 2FA screen you get when deleting data from each service, which leads to "too many logins, wait 5 minutes" even if you login with the correct password/TOTP every time). I recommend downloading a "google takeout" to confirm all your data is actually gone.
One of the nice things about Bitwarden in particular is that they make it easy to self-host (and there's Vaultwarden which is even easier). There are tradeoffs, but lock-in risk is minimal.
In terms of a compromise being "all or nothing," most secure accounts should have a password (which you can manage in Bitwarden) AND a second factor (ideally not tied to your phone; ex: a YubiKey). That way even in the nightmare scenario that someone gets into your password manager there's extra legwork they'd need to do to ruin you.
>"I won't be able to access things when their service is down", that's not entirely accurate
That is entirely accurate. During their outage a few weeks ago (the first I've experienced in years of using it TBF), I wasn't able to get passwords from my browser extension, Android app, or Mac app. Maybe in theory it's not supposed to work that way, but in practice it got stuck when it couldn't reach the server and went back to the "Enter master password" page (IIRC).
But if somebody compromised their internal infrastructure they could push out malicious updates to both the Authenticator and the clients of the password manager (most likely the browser extension), compromising both security factors at once.
Every day I have to use something like 4 GB of data to let Backblaze sync. This is despite the fact that I might only have created/changed 100 MB worth of files since the previous day's sync.
We looked at a lot of different models and ended up with a "buyer-based open core" model.
The first "buyer" in this model is the user of our open source product that doesn't cost any money, because it's open source.
It's typically a developer, or someone very close to a development team and they self-host Mattermost as an open source Slack-alternative and get a lot of value out of the product.
At some point the development team doesn't want to host Mattermost themselves any more and asks the IT organization to host it in a data center or on a private cloud.
The IT team is a different "buyer" who wants features that make the lives of IT administration easier--account sync with AD/LDAP, SSO, eDiscovery, high availability, etc.--and we have an enterprise edition for that buyer and offer a fair price.
This has been May's strategy with parliament. We're soon going to have a third vote on the same deal.
With the referendum it's more justified. There were financial irregularities which would have rendered the result void, but the vote was non-binding, so the Electoral Commission advised it can't intervene other than to fine some of the guilty.
That is literally how democracy is supposed to work. You have regular(ish) elections to appoint your "representatives" in parliament (representatives in scare quotes because they seldom represent the people).
Even the 2016 EU referendum wasn't the first we've had. As the voting populace grows old, new voters come of age, and the relationship with our EU partners changes, it makes total sense to revisit past decisions.
Nothing in democracy should be closed to re-evaluation for all time in the future just because some people made a vote once.
If they have a 2nd petition I'm sure it'll include an option to say "I want to stay in the EU", which would be the same thing: repeating a vote until we get what we want.
Easily solved with instant runoff voting[1] for the entire spectrum from Remain to No Deal.
No one wastes their vote voting tactically, everyone gets their voice heard, and we get to choose exactly how we shoot ourselves in the foot when Leave wins a 2nd vote.
I mean how could Leave lose? It was the will of the people, they'll clearly vote the same again. /s
Better than the current game of 3d chicken we're playing right now.
So instead you advocate we don't get what we want because all decisions are meant to be final?
"I'm sorry, you cannot return this jumper you bought online because even though it doesn't fit you, you've already decided to buy it and all decisions are final".
Generally agree with people who say that searching is more important than organising. I use Alfred to search, but I think the default Finder app is quite good these days.
Most important thing is having a consistent filenaming convention. This helps you find files via search. I use 'YYMMDD_HHMM name' if I authored the file or 'YYMMDD_HHMM [sender] name' if someone emailed it to me.
Tangentially, what I'm really happy with is how I manage my web bookmarks. I don't use browser bookmarks or folders. I save bookmarks to Pinboard.in, a cloud service. Then there's a nice Alfred extension which allows me to find them (http://www.packal.org/workflow/alfred-pinboard).