FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.
12 Jan 2019, 07:43 AM | #31 |
The "e" in e-mail
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,320
|
Beware of the Feitian keys, with Chinese firmware. It's notoriously difficult to use, and there are tons of complaints that it doesn't work. Amazon reviews are terrible. There's a reason Google re-wrote the firmware... Both from a security standpoint, as well as a usability standpoint.
Good thing that Google released Titan. Yubico is finally offering a well-priced FIDO key.
13 Jan 2019, 07:45 AM | #32 |
Junior Member
Join Date: Feb 2017
Posts: 21
|
Quote:
|
|
13 Jan 2019, 09:23 AM | #33 |
The "e" in e-mail
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,320
|
The issue isn't that it is breached. Never said that. The issue is, it's phishable and people are already being targeted. Reporters are being hacked through interception of authenticator codes. Already happened multiple times last year.
|
13 Jan 2019, 09:46 AM | #34 |
Cornerstone of the Community
Join Date: Jul 2011
Posts: 713
|
This thread has me completely re-evaluating my security game plan... thanks again. I just discovered I have older Yubico keys that should be updated.
Plus, more importantly, and on a related note, I'm getting a little nervous about LastPass... it just dawned on me that I've given LastPass so much power in my life and for 15 minutes today, I couldn't remember my LastPass password. That freaked me out a little. I use Yubikey with LastPass too, and because of this thread I realized they still haven't updated to U2F or FIDO2. During that brief period of panic when I couldn't remember my password, I caught up on LastPass security issues and password recovery and that did NOT make me feel more secure. In fact, I just didn't realize how consumer-friendly LastPass had become... it should be VERY hard for me to get back into my LastPass account. Eventually I remembered my password, and I was able to get back in... but even if I didn't remember it, there was still relatively too easy of a recovery method IMO. That really bugs me now about using such a consumer-friendly cloud password service. Not to mention I've never felt completely comfortable with my passwords relying on the cloud so much. So I think after this little experience, I'm going to migrate back to a self-managed approach for password management with open source software like KeePass. Anyway, thanks again for a great thread. I think I have some more homework to do, but I will be more secure when I'm done.
13 Jan 2019, 10:28 AM | #35 |
The "e" in e-mail
Join Date: Dec 2004
Location: a virtually impossible but finitely improbable position
Posts: 2,320
|
BitWarden has been making great strides. They also have a self-hosting option. It's a bear if you host on Windows, other platforms are less buggy... but... you could self host with them if you want. BitWarden is OpenSource, and just completed a security audit with a German firm...
|
13 Jan 2019, 11:10 AM | #36 |
Cornerstone of the Community
Join Date: Jul 2011
Posts: 713
|
|