this post was submitted on 01 May 2024
53 points (94.9% liked)

Privacy

31931 readers
705 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I'm (probably) switching to Proton Pass from Bitwarden because its easier to create email aliases (all in one instead of making an alias with SimpleLogin, then copying that to Bitwarden and making a password there) but I've heard people saying not to use Proton Pass to not "put all your eggs in one basket". Can someone explain what this means?

Thought if there is a way to generate those aliases within Bitwarden (using Proton's alias not SimpleLogin's as I'm going to be paying for Proton Unlimited anyways, I don't wanna pay for SimpleLogin too) I'd appreciate it, as I prefer Bitwarden.

Thank you all :)

EDIT: I understand now. TL:DR: If one service dies you still have the other. Either way, turns out I can just grab my API Key from SimpleLogin and use it with Bitwarden, as thats what Proton uses anyways. Also the Proton Pass extension just shit itsself and I'm not a fan of Proton's UI so I will be sticking with Bitwarden.

all 11 comments
sorted by: hot top controversial new old
[–] [email protected] 32 points 6 months ago

If a service is ever compromised, you would have chosen to consolidate information that would lead you to be more greatly vulnerable than if you had spread over multiple services.

[–] [email protected] 22 points 6 months ago* (last edited 6 months ago) (1 children)

A (small) part of not putting all your eggs in one basket is also avoiding vender lock-in. Having your personal email with proton, and your password manager with them makes it very difficult to switch in the future if you need to.

On a side note, I use anonaddy (now Addy.io). It allows you to create email aliases on the fly. So when I sign up for a new account somewhere, I generally make up some email like "[email protected]" for the email and save that right to bitwarden.

Looks like simplelogin supports the same thing https://simplelogin.io/blog/subdomains/

PS. Using your own domain name is a great way to avoid vender lock-in =)

[–] [email protected] 15 points 6 months ago

The idea is quite simple. If you put all your eggs into one basket, if that basket breaks, you're screwed.

If we put this into context, this would mean that you would, for example, use all of Proton's services and when Proton does something bad, now your entire suite of services is fucked.

[–] [email protected] 12 points 6 months ago

in the case of technology (specifically anything cloud based * ) – if you have your needs split across multiple services, if one of them goes down / gets hacked / goes belly up, you only lose access to what was stored on that service – if everything is on one service, then you lose access to everything

* the cloud is just someone else’s computer

[–] [email protected] 5 points 6 months ago

It all depends on your risk tolerance and perceived threat model.

I would recommend that if you do use Proton Pass in conjunction with your email, keep a backup KeePass file stored locally and in a few other places and update routinely.

The Proton ecosystem definitely doesn't fit everyone's security model, but it is a massive leap compared to what Google and Apple offer.

[–] [email protected] 4 points 6 months ago

I don’t put my passwords in the cloud in the first place, so what it means to me is: keep backups.

[–] [email protected] 3 points 6 months ago

Don't depend completely on something or someone, if at some point it goes to the fuck you will also go to the fuck..

That's basically the main point into that phrase.

[–] [email protected] 2 points 6 months ago (1 children)

You can have bitwarden auto generate simplelogin emails as well when generating usernames. You just need to fetch an API key from simplelogin :)

[–] [email protected] 2 points 6 months ago

yeah I didn't know that simple login and proton are essentially the same thing