this post was submitted on 20 Oct 2023
36 points (95.0% liked)

submitted 10 months ago* (last edited 7 months ago) by velox_vulnus@lemmy.ml to c/privacy@lemmy.ml
 

Right now, I'm using Bitwarden's official instance, and I am bothered that I have to use Google's Authenticator app separately for TOTP. Yes, there's also Aegis and 2FAS, but I have no idea about WebDAV servers and also don't want to rely on Google Drive for backup, also because I'm moving away from Google services.

I'm planning to run Vaultwarden on a free instance of render.com, and I wanted to know if this was a good idea? Has anyone over here tried this?

What would happen if Render changes their plans and I lose access to the database? Will I still have access to the last-stored cache on my browser extension and mobile phone? And since I'm running a Rust infrastructure, would it use less of the free plan bandwidth that Render assigns?

Do I also need to purchase a domain? Or can I access the app with the Render-affixed URL?

[–] OminousOrange@lemmy.ca 17 points 10 months ago (4 children)

If your issue is with the authenticator, then why not just switch authenticators? I've been quite happy with Authy over the years.

Sure, self hosting can be more secure, but if it's not on your own hardware, I don't see how moving to render is better. You're still using a third party to host your most sensitive information.

[–] namnnumbr@lemmy.ml 8 points 10 months ago

Authy is lovely in that it just works, but it is hellacious to migrate off of if you change your mind.

I also don’t love that Authy is owned by Twilio, a communications/marketing service company.

[–] ultratiem@lemmy.ca 6 points 10 months ago

This was my thought too. Why are you using Google Authenticator? It’s my understanding that it’s only required to use 2FA with Google specifically because, like Apple, they use their own system.

Just grab any authenticator, like Authy. Problem solved.

[–] Onihikage@beehaw.org 5 points 10 months ago (1 children)

Authy is pretty bad. They had a data breach that exposed users, they make it really hard to migrate your secrets to another app (God help you if you lose your phone), and they're completely closed source.

The best option is probably Aegis Authenticator, but at least do a cursory search for "[authenticator name] controversy" before choosing an authenticator.

[–] OminousOrange@lemmy.ca 2 points 10 months ago

Thanks for the recommendation. I'll look into transitioning to Aegis. Regarding backups, you are able to have another device in case you lose your phone (I also have Authy on my laptop in case that does happen), but the data breach you mentioned said that may have been a weak point. Either way, I'm going to explore Aegis now.

[–] Facebones@reddthat.com 2 points 10 months ago

I'll second Authy, I've never had any issues and it's simple in design which I like.