It’s not just navigating the pwd mgr; it’s also all the 2FA. Or do you integrate the two? If so, why? The whole point of 2FA is to be separate from one’s passwords for greater security.
It’s integrated for convenience and suits my threat model. 2FA for the password manager is separate though. Isn’t the whole point of 2FA to secure your account even if an attacker get their hands on your login info? Keeping it separate is just another layer of protection, no?
Each website must request and be granted by the user that explicit permission. Barring that, a bad actor would have to physically access your computer to install a keylogger (or I suppose one could be installed through a phishy attachment). Clipboard-stealing isn’t anywhere near as big of an issue as cookie-/session-stealing.
Just add exceptions for the sites you login to. You already have a user account on their site, deleting cookies at the end of each session won’t do much for these sites anyway.
I do. A self-hosted password manager makes it only a second or two inconvenience for most sites. The worst ones are the ones that send you a code for 2FA, but still, with those it’s a 10-15 second inconvenience. One thing I’ve learned in my quest for proper digital privacy is that I had to give up my obsession of convenience. I used to be the guy that lost my mind when my internet was even a tiny bit slow, but I’ve had to get comfortable with not getting what I want immediately. I genuinely think it’s made me a better person in other areas as well, but that could just be cope lol
Mine just wipes every time I close the browser
Same, I don’t really do “browser history”
Do you also wipe cookies, leading to needing to relogin every time you visit a site
Yes
That’s very annoying
Meh, not really. It only takes a few extra seconds and keytaps to logon with a password manager.
Accidentally closing the browser when not done however, that’s annoying
It’s not just navigating the pwd mgr; it’s also all the 2FA. Or do you integrate the two? If so, why? The whole point of 2FA is to be separate from one’s passwords for greater security.
I have the same, but I have a hardware key.
Log in with the password manager and then tap my key.
It’s integrated for convenience and suits my threat model. 2FA for the password manager is separate though. Isn’t the whole point of 2FA to secure your account even if an attacker get their hands on your login info? Keeping it separate is just another layer of protection, no?
I have a password database that is secure and offline.
Why the hell would I want my browser to store my passwords/session data?
Do you get autofill?
Hell no.
Copy, paste. Done.
aint there stuff that can read your clipboard?
Each website must request and be granted by the user that explicit permission. Barring that, a bad actor would have to physically access your computer to install a keylogger (or I suppose one could be installed through a phishy attachment). Clipboard-stealing isn’t anywhere near as big of an issue as cookie-/session-stealing.
it’s a couple clicks on Proton Pass. takes 6 seconds.
minor inconveniences are the cost of privacy and security.
Just add exceptions for the sites you login to. You already have a user account on their site, deleting cookies at the end of each session won’t do much for these sites anyway.
Is cross domain tracking resolved?
I do. A self-hosted password manager makes it only a second or two inconvenience for most sites. The worst ones are the ones that send you a code for 2FA, but still, with those it’s a 10-15 second inconvenience. One thing I’ve learned in my quest for proper digital privacy is that I had to give up my obsession of convenience. I used to be the guy that lost my mind when my internet was even a tiny bit slow, but I’ve had to get comfortable with not getting what I want immediately. I genuinely think it’s made me a better person in other areas as well, but that could just be cope lol
You can add exceptions, but yes