Can someone explain the "don't put all your eggs in one basket" argument to me?

cosmic_cowboy, 16 days ago

It all depends on your risk tolerance and perceived threat model.

I would recommend that if you do use Proton Pass in conjunction with your email, keep a backup KeePass file stored locally and in a few other places and update routinely.

The Proton ecosystem definitely doesn’t fit everyone’s security model, but it is a massive leap compared to what Google and Apple offer.

cyrus, 16 days ago

The idea is quite simple. If you put all your eggs into one basket, if that basket breaks, you’re screwed.

If we put this into context, this would mean that you would, for example, use all of Proton’s services and when Proton does something bad, now your entire suite of services is fucked.

fluckx, 16 days ago

You can have bitwarden auto generate simplelogin emails as well when generating usernames. You just need to fetch an API key from simplelogin :)

strawberry, 16 days ago

yeah I didn't know that simple login and proton are essentially the same thing

carzian, 16 days ago (edited 12 days ago)

A (small) part of not putting all your eggs in one basket is also avoiding vender lock-in. Having your personal email with proton, and your password manager with them makes it very difficult to switch in the future if you need to.

On a side note, I use anonaddy (now Addy.io). It allows you to create email aliases on the fly. So when I sign up for a new account somewhere, I generally make up some email like “example@my-account.anonaddy.com” for the email and save that right to bitwarden.

Looks like simplelogin supports the same thing simplelogin.io/blog/subdomains/

PS. Using your own domain name is a great way to avoid vender lock-in =)

Inui, 16 days ago (edited 12 days ago)

Additionally, you can enable encryption with Addy.io if you’re using Protonmail, which I believe resolves the issue of now trusting your information to two different sources.

AnAnonymous, 16 days ago

Don’t depend completely on something or someone, if at some point it goes to the fuck you will also go to the fuck…

That’s basically the main point into that phrase.

MagneticFusion, 16 days ago

If your Proton password EVER gets compromised your entire online entity is leaked now because they have access to not only your email, but every single password and other email that you use. While this is not common, you have to keep in mind that this can lead to years of headache and unrepairable damage to whatever it is about your online identity whether it is your health, finances, political activities, etc.

However, Proton Pass as a standalone product is excellent. I just would not use it with my main protonmail account, and instead create a completely separate account just for Pass. Good OpSec will always save you when you least expect it.

davel, 16 days ago

I don’t put my passwords in the cloud in the first place, so what it means to me is: keep backups.

cerement, 16 days ago

in the case of technology (specifically anything cloud based * ) – if you have your needs split across multiple services, if one of them goes down / gets hacked / goes belly up, you only lose access to what was stored on that service – if everything is on one service, then you lose access to everything

• the cloud is just someone else’s computer

xela, 16 days ago

If a service is ever compromised, you would have chosen to consolidate information that would lead you to be more greatly vulnerable than if you had spread over multiple services.