And some TOTP apps don’t interpret the algorithm parameter correctly, which makes it safer to go with the default SHA-1.
Lemmy in fact was using SHA-256 for its earlier TOTP implementation and reverted back to SHA-1 since some people locked themselves out due to poor support in some TOTP apps (among other issues, another was that the activation workflow never asked you to confirm the code you enrolled was working and generating the correct code…).
A strong and unique passphrase is indeed really important here, but you need to keep in mind that once the kdbx file is in the attacker’s hands, that’s the only thing that keeps them out.
There’s no 2FA, and no throttling on the bruteforce process. So it’s really important to use a strong password there to avoid it being the weakest link.
One trick is that you can enroll your TOTP codes on more than one device; the only thing the device needs is for the clock to be synced to provide the correct code.
You can store your TOTP codes in many places:
That way you don’t get caught with your pants down if one of your devices dies, gets stolen, etc. Also, keep the recovery keys / backup keys in a safe place just in case of a worst-case scenario.
Keep in mind that your TOTP backup and Password Manager files like KeePassXC can be the weakest link in your OPSEC if you’re not careful.
Initially the software wasn’t very stable, but that was fixed over time. Overall I liked it a lot, and the available “apps” for it all filled a niche I looked for.
I switched because I wanted to go back to a more classic watch I can simply wear and forget about. I don’t have all the bells and whistles from the BangleJS2, but now I have a watch to see my notifications and step counter that I don’t need to recharge every week, the battery (CR2032) is said to last about 2 years in the GBD-200.
I would suggest looking at the models supported by Gadgetbridge and picking one from there. I know I can trust Gadgetbridge not to leak my data since it doesn’t ask for network permission.
https://gadgetbridge.org/gadgets/
I used it for several years, through multiple gadgets (in chronological order)
Fast charging is constantly improving though, I wouldn’t be surprised if we reach a point where EV charging improves to a point where it takes roughly the same time as charging an ICE vehicle in the 2030s.
One could use one of the Lemmy instances dedicated to mirroring Reddit (ex: https://lemmit.online/) as a workaround I suppose.
And with Syncthing’s Untrusted Device Encryption feature I can use my VPS as an extra node for synchronization without worrying much if it becomes compromised without me knowing.
I even used it while traveling with friends. We couldn’t have our seats together in the airplane and the capability to chat and shitpost over bluetooth securely was kinda nice without annoying everyone.
My biggest annoyance is the inability to migrate a profile and the existing chats across devices, even though that’s good security-wise.
I hope so, as I use it on the Steam Deck and on Fedora Onyx (Budgie Atomic), which both rely on Flatpak for desktop applications.
What I like is how easy it is to become a Snowflake proxy. Just install the addon on your normal browser, and turn it on.
I back up the videos I transcoded myself on Google Drive (encrypted, Google can’t see the content), since I buy the extra storage anyway.
Bilingual MKVs (English and French (preferably Canadian French when available)) are kinda rare online, and they help me save some storage instead of having two copies of the same movie for each language.
Always consider what you say on Discord as potentially public, since there is no E2EE.