**** Please enable 2FA on your OcUK forum account ****

Soldato
Joined
18 Aug 2007
Posts
9,688
Location
Liverpool
Actually, if anyone wants a free premium Bitwarden account including OTP/2FA (hosted by me and encrypted with your own key) give me a shout and I'll hook you up. OcUK members only, and at your own risk*.



* The server is backed up twice, onsite and offsite every 24h - and is protected by both Cloudflare and an OpenBSD firewall. Had zero issues in years, but... well, disclaimer disclaimer to be safe and all that.
 
Soldato
Joined
16 Aug 2009
Posts
7,728
Sigh.

You can use a single 2FA app like Google Authenticator for most of your 2FA needs, you're only going to have more and more accounts using this tbh

That runs on a regular PC, right?

I've said it before and I'll say it again - this place is great, but it's predominantly gamers and such, not actual techies (with some notable exceptions). Most people here don't have much in-depth knowledge about privacy, encryption, networking, servers or the like.



As I said, the correct answer. :) Enable 2FA/OTP on all the things, get yourself a YubiKey or similar for physical 2FA, and generate a solid curve ed25519 SSH key and a GPG key - and use them!

Sounds about right. By the way, could you put that last part in English please?
 
Permabanned
Joined
9 Aug 2008
Posts
35,707
It's been enabled since day 1 of the forum getting that feature. Everywhere I can enable it, it's enabled.

I use Authy because there is a Windows app. If I ever lose my phone I have a second way to get onto my accounts. I don't want to be left in a situation that I'm locked out of all my accounts until I purchase a new smartphone.

I also use Vaultwarden (which is a fork of Bitwarden) with 20 char random passwords, self hosted.
 
Soldato
Joined
7 Nov 2009
Posts
19,798
Location
Glasgow
Actually, if anyone wants a free premium Bitwarden account including OTP/2FA (hosted by me and encrypted with your own key) give me a shout and I'll hook you up. OcUK members only, and at your own risk*.



* The server is backed up twice, onsite and offsite every 24h - and is protected by both Cloudflare and an OpenBSD firewall. Had zero issues in years, but... well, disclaimer disclaimer to be safe and all that.
I don’t use a password manager, and my password usage probably isn’t going to win any security awards.

Should I take you up on your offer? I don’t know what most of it means. But you said premium, and free. Are you going to empty my bank account, both RBS and RuneScape?

Educate me please! (Genuinely, I’m very ignorant with this sort of stuff!)
 
Soldato
Joined
21 Jan 2010
Posts
21,946
Actually, if anyone wants a free premium Bitwarden account including OTP/2FA (hosted by me and encrypted with your own key) give me a shout and I'll hook you up. OcUK members only, and at your own risk*.



* The server is backed up twice, onsite and offsite every 24h - and is protected by both Cloudflare and an OpenBSD firewall. Had zero issues in years, but... well, disclaimer disclaimer to be safe and all that.
This is a lovely offer but nobody do this, lol
 
Permabanned
Joined
9 Aug 2008
Posts
35,707
This is a lovely offer but nobody do this, lol

I have to agree with this. While it's a nice offer, you are not a business, and hosting other people's passwords, if something happens you could end up in hot water. Please don't do this.

If people want to put their data in the hands of others this is something you need to be looking at. The personal plan is free.

Bitwarden Open Source Password Manager | Bitwarden
 
Commissario
Joined
17 Oct 2002
Posts
32,996
Location
Panting like a fiend
2FA via an app on your phone only takes ~30 seconds once a month which is worth it.

I would suggest anyone who sets up two-factor authentication via an app makes a note of the "backup" codes that the forum will generate and keeps them safe, as that way if the app isn't working/you lose your phone you've got IIRC 10 codes to last you until you get it paired with a new authenticator.
 
Soldato
Joined
18 Aug 2007
Posts
9,688
Location
Liverpool
This is a lovely offer but nobody do this, lol

Why? It's Bitwarden - everything is encrypted at rest, in transit and at all times. Only the account holder has the key. The (encrypted) database is backed up twice (on and off prem) daily, and stored further encrypted (AES256) in an rclone vault which is only accessible by my private key. I have a better setup than most orgs lol.

I have to agree with this. While it's a nice offer, you are not a business, and hosting other people's passwords, if something happens you could end up in hot water. Please don't do this.

If people want to put their data in the hands of others this is something you need to be looking at. The personal plan is free.

Bitwarden Open Source Password Manager | Bitwarden

I suggested Bitwarden in my post, but OTP isn't free, it's £10 a year. What hot water are you referring to? There's certainly no legislation applicable to private individuals. Best bet is to RTFM and set up your own, or pay Bitwarden the £10/year. Failing that the offer's open. It's a trivial matter to back up your own Bitwarden to a file once a month and store it safely in case I drop dead.
 
Soldato
Joined
21 Jan 2010
Posts
21,946
Why? It's Bitwarden - everything is encrypted at rest, in transit and at all times. Only the account holder has the key. The (encrypted) database is backed up twice (on and off prem) daily, and stored further encrypted (AES256) in an rclone vault which is only accessible by my private key. I have a better setup than most orgs lol.



I suggested Bitwarden in my post, but OTP isn't free, it's £10 a year. What hot water are you referring to? There's certainly no legislation applicable to private individuals. Best bet is to RTFM and set up your own, or pay Bitwarden the £10/year. Failing that the offer's open. It's a trivial matter to back up your own Bitwarden to a file once a month and store it safely in case I drop dead.
Because when you get hit by a bus/win the lottery; it's all gone?
 
Permabanned
Joined
9 Aug 2008
Posts
35,707
Why? It's Bitwarden - everything is encrypted at rest, in transit and at all times. Only the account holder has the key. The (encrypted) database is backed up twice (on and off prem) daily, and stored further encrypted (AES256) in an rclone vault which is only accessible by my private key. I have a better setup than most orgs lol.

I suggested Bitwarden in my post, but OTP isn't free, it's £10 a year. What hot water are you referring to? There's certainly no legislation applicable to private individuals. Best bet is to RTFM and set up your own, or pay Bitwarden the £10/year. Failing that the offer's open. It's a trivial matter to back up your own Bitwarden to a file once a month and store it safely in case I drop dead.

You are one person. Not a business. If you die, who will take over the admin? As I said, nice offer, but if someone is going to do this, at least put it in the hands of a company with multiple people.
 