Replying to Avatar ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ

you don't have to do jack to achieve that with brave sync, syncing your password db, that is, just enable it, done

i will only say that one time i think somehow something breached that as i had data manipulated in that password DB, or something, i forget now... suffice it to say i don't think it's perfect but it's hella better than bitwarden, even still, for UX and for simplicity and for its setup difficulty and complexity to operate

the root problem is always, and ever, about the fact that the internet incumbency is not going to let everyone put everything on the internet, and the reason being that almost everything that might do this is vulnerable, it would be armageddon, but never mind that these assholes should learn some fucking opsec and, you know, implement that as best practices in code

until that multiple layered bullshit is finally broken, give me brave sync over bitwarden any day

honestly i just want an NFC/USB based simple physical token with signing capability inside it and extensible, and high enough spec to actually do cryptographic shit

all this other shit is just makeshifts while fiat clown world IT industry finally comes to grips with their actual customers business

and even there, ffs social media customers are not the users, etc etc .... adlib to fade
Avatar
Diacone Frost 1y ago

I admit that I didn't look closer to brave sync and pwd management, because I somehow don't trust them (or even chromium).

On the other hand bitwarden code was internally audited in our company and I do trust our guys (who I know personally) and theirs skills.

Anyways, the seed phrases (and other really sensitive shit) I keep in a keepass db in an always offline VM and usb sticks (even LUKS protected LOL).

I don't have anything physical (like steel engraved or paper) because hackers are not my concern, police raid is.

Reply to this note

Please Login to reply.

Discussion

Avatar
Diacone Frost 1y ago

That's not true actually, I do have my border wallets printed out.

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 1y ago

this brings up the point that you should make your recommendations in the context of a threat model

bitwarden is for one of them, and very near it is google's password storage

brave sync is a different model which is about protecting against remote breach

you may be concerned about a physical breach in the form of police raid, but you haven't even considered that far more cheap and effective is a remote breach, for one thing, you may never know it happened, and for another thing, it doesn't require people in a physical location to perform

i'm not sure why police raid is your concern, and why if your concern is police raid you have not long ago planned an exit from the jurisdiction where this physical threat is so grave

Avatar
Diacone Frost 1y ago

I agree. As I said I keep some things electronic but strictly offline. Some I do not (like logins to non-critical systems). And some we share within our family.

As for jursdiction, I'm not affraid right now, but still a(ny) state can change the game rules at any moment.

(Not to mention good old physical robbery)

I'm doing recommendations of any sort. This is just how I, personally, keep my things organized and portion of secrets shared within my familly. brave is not very useful for that particular use case. And I have trust issues with them ; still a shitcoin company 😂

And I'm very far from telling ppl what to do. Here are options, DYOR, use what works best for you and your use cases.