Your advice is so simple and yet something I had never thought of: "set no work hours". Do you blog or have any other advice? You seem to have a lot figured out.
You seem to know a bit about encryption. Which is why it baffles me: how does Telegram do this? Does it need a connected device in this way too? So one can upload the encryption key if it's lost? If no device is connected, can/how do they do it? If yes, can Firefox copy that way?
I was referring to them saving encrypted data on their servers. Isn't that e2e encrypted? If not, does that mean an adversary with access to their database knows my chats?
That is not end-to-end encrypted, no. The company has all the information necessary to retrieve your plaintext conversation data. They can (and likely do) encrypt this data at rest within their infrastructure, and they can make it as hard as they want for an individual employee to access this information, but fundamentally you're trusting that their internal controls are sufficient.
I like, actually love, Firefox. So as a major user I resent them for posting this article; it's somewhat unethical when no recent work has been done on sync and they are, as they claim themselves, not willing to touch this code in fear of breaking it. If you don't understand enough to make changes, maybe don't make an article about it.
This is not true. I work on Firefox Sync full time, as do multiple other engineers.
Admittedly, the current version in Desktop/iOS/Android is in a sort of 'maintenance mode' (we still fix bugs, but don't work on new features or actively fix it up).
The reason for this is basically that those three versions are entirely separate implementations that share no code (they're also in languages that have integration difficulties on the other platforms, unfortunately, so we can't just settle on one).
We're currently rewriting it as a cross-platform module, and planning on replacing them.
High quality? It was web-boys trying to one-up each other and bootcampers from toxic work environments practicing how to insult the parent poster without sounding aggressive.
I recommend this iPad-book 'Let's Learn ES6' by Ryan Christiani [1] to bring you up to speed with some of the features of modern JavaScript. It's got videos on it!
The fact that I can't easily use a Yubikey for 2FA with KeePass has always made it a nonstarter for me. After experiencing the comfort and peace of mind I get with "master password PLUS Yubikey" in Bitwarden and LastPass, I could never go back to just having a master password that could be keylogged.
Yes, you can have a static "keyfile" on a USB stick that you use for 2FA, but that could be easily copied. "But if they have physical access it's already game over!" The scenario I am concerned about is unlocking my master database on a computer I don't own, like at work. I can do that with Bitwarden.
Bitwarden is closer to a LastPass competitor in the sense that it combines the encrypted database management with cloud storage, so that you can trivially share the database across devices.
KeePass is only the encrypted database management component. If you want to share that database across multiple devices you have to combine it with a cloud storage service (Dropbox, Google Drive, OneDrive, iCloud, etc).
The major advantage of KeePass is that hypothetically it could be a completely off-line system; you could manually copy the database via e.g. USB stick to every device if you so wished.
KeePass2 does not perform any syncing between devices (as far as I know); it's "just" a password safe that stores data in an XML file.
Personally I sync my KeePass files using a secure file sync app (not Dropbox), which is sufficient for me. I don't log into accounts on my phone so I don't need the passwords there; I guess it can be a reason for people to use Bitwarden.