While I like it from an idealistic point of view - in terms of hardware build quality the current generation does just not get anywhere near a macbook pro. Maybe the next generation can close this gap further. As long as it is that big it cannot become my main device.
Have one but never needed it so far - or it didn't catch the virii ;)
I use bitdefender at least it's quite unobtrusive on mac (sick of the windows version!).
Sophos is free and afaik not too bad if you need one: https://home.sophos.com/free-mac-antivirus
I use bitdefender as well, but lately I started deactivating "autopilot" (auto scanning folders in the background) because it pushes my cpu usage to > 100% regularly while I am using my Mac.
I fortunately do not have that problem, yet. But the autopilot stuff and other weird stuff bitdefender is doing autonomously is exactly why i may ditch it soon. Will probably switch to sophos once it happens.
Nice! I like it and see potential. Was quite disappointed of all the OSX file managers so far and I think I've tried them all.
After staying for a bit with pathfinder I'm back to finder. While not super decent it still doesn't get into my way too often.
Something more advanced would be welcome though and I would even be willing to pay for it, given it suits my needs. That means though I rather wait for v1.0 because I miss quit a lot of features / ui usability in the current state.
Make it the Sublimetext of file managers and you have a customer.
Very pleasant and refreshing to see some activity on the OSS front here. I believe Mozilla would have the resources to bring this to a success.
Although naivety aside - I think it'll take years to only slightly catch up with the comfort and usability 1Password already provides. While it's not OSS it is still the benchmark to beat in terms of usability and integration.
Pass[0] is pretty great. GPG encrypted and synced with Git. There is a great cross browser extension called browserpass[1]. I have mine tied to my yubikey, so it needs a physical device to decrypted my passwords.
Doesn't saving each password to it's own individual file make it more breakable than saving everything together in one file?
I presume they're all using the same secret at some level. There's no FAQ on their site.
Thanks, I've already considered switching to Pass once but don't remember what stopped me. May reconsider it again when I have time during my holidays.
The client did not convince me compared to 1Password.
And then you either use their cloud or need to host a .net container yourself - which was a no go for me.
Then I can also stay with 1PW. But a matter of taste of course in the end...
Protonmail is certainly one of the more secure mail solutions since it's e2e encrypted not just at rest. On the other hand it doesn't support U2F yet which doesn't bring it to the top in terms of security.
Regarding privacy I would say it's one of the best available solutions since everything is encrypted they can and do not read your email content.
It's still a webapp, fully served from network, without any code signing (not even SRI to match hashes against), except for the TLS layer. AFAIK they don't even have a standalone variant except for the unofficial desktop Electron app, and a beta IMAP bridge for paying customers.
Basically, they still ultimately rely on trust, just like others. While they're drastically different from e.g. Gmail, trust requirement is still there.
If one's well-being really depends on security, it's best to err on side of caution. Meaning, something like MailPile on the client side, very cautious non-automated key exchange, and, optionally, self-hosted email with at-rest encryption (e.g. Postfix+Dovecot+GnuPG pipe) is probably much better option than anything Protonmail can offer in their current state. Or avoiding email (as it's not yet there and probably never will be) and using something like Wire or BitMessage or whatever (I'm not a security expert) has both client-side static and auditable source code and limits metadata leakage.
Bridge is out of beta: https://protonmail.com/bridge/ and yes for paying customers. Given they don't sell your data it's natural that advanced features have a price.
Yes there is of course trust involved as with anything. Still, for the majority of the folks it's better to trust someone else with their mail over running their own servers with gaping security holes. Avoiding email is not really possible yet and in the very near future...
Why does it need to support u2f? Would be nice if it did but from a security point of view,it does support two factor authentication(TOTP).
If you're concerned about the authenticator app being compromised then a dedicated phone or hardware token device can be configured.
As I said,u2f has better security but at least financially speaking,time based OTP has a lower barrier of entry while being superior in it's security to most non-u2f alternates (phone call,sms,etc...).
I don't think lack of u2f alone disqualifies it from being considered as having top tier authentication.
U2F is the only generally available two-factor method that is phishing-resistant. Phishing accounts for a large percentage of targeted attacks, something that is highly relevant in a threat model for journalists.
