      Bitwarden finally brings 2FA logins to free users

      news.movim.eu / gadgeteerza-tech-blog • 29 September 2023 • 1 minute

    Previously, you had to pay for Bitwarden's premium plan to add 2FA for your stored logins. Bitwarden is claiming they are the only password manager to now include 2FA logins for free.

    As a paying customer, I've long been using Bitwarden's 2FA for logins, and it is pretty seamless. Bitwarden places the 2FA number ready in the device's clipboard, to just paste in straight after completing the login screen process.

    Today, 2FA is absolutely essential for any login security, until passkeys are the norm. It sounds like Bitwarden's own passkey management for logins will go live during October, and their own passkey access to Bitwarden a while after that. It is not clear to me yet whether free tier users now also have 2FA login into Bitwarden itself. I'm using a YubiKey device for my 2FA when logging into Bitwarden, and that may still be for the paid service only.

    I also noted when last renewing my Bitwarden subscription that they forced us to up our vault encryption iterations to 600,000. This was also a lesson learnt after the LastPass hack, where it was found the encryption iterations were way too low.

    I'm eagerly waiting to see how Bitwarden implements passkeys in October, as I'm dead set against using passkeys that tie me to any particular device or operating system. I have too many passwords to just lose or have to change.

    See https://www.androidpolice.com/bitwarden-2fa-free-passkey/

    #technology #passwords #2FA #bitwarden

      How to send encrypted (at a cost) and 'confidential' emails on Gmail

      news.movim.eu / gadgeteerza-tech-blog • 29 September 2023 • 3 minutes

    Gmail may be very easy to use, and probably also one of the most used e-mail services out there, but Google has still not made any real effort to help e-mails going proper E2EE for all, despite the technology being available for a very long time.

    Gmail's confidential mode is not E2EE at all. It is merely a self-destruct-timer or password-to-open type of e-mail. The latter probably only works for other Gmail users.

    The encrypted offering they have is only for paid Workspace account holders, and seeing Google controls the web interface and services... I'm not sure the NSA will be using it (then again, maybe Gmail at least seems to be hacked less often than Microsoft's cloud mail service!).

    So ordinary users are probably better off adding one of the 3rd party browser extensions that allow true OpenPGP E2EE for Gmail. It is free, and you can use your own public/private key pair. But although this is free, the barrier for most normal users is the 'complexity'. You need to set up a signed key pair, load it into the extension, and of course have friends that are suitably equipped to actually decrypt E2EE e-mail. Unfortunately, the reality here is that both sides of this equation are just not feasible for many users. There is also no single standard used across all e-mail services for E2EE, and you can forget about sending an encrypted e-mail to 99.999% of business or government departments, and expecting any of them to be able to read it.

    Where any e-mail service has a POP3 or IMAP protocol interface (like Gmail has), it is possible to use an offline mail app like Thunderbird, and also add your OpenPGP key in there. But the same barriers to adoption exist for ordinary non-tech users, and it means also taking accountability to back up your own e-mail.

    The reality is, most users are going to be far better off with services like Proton Mail, or Tutanota, that make the encryption process about as seamless as it can be (even my own family managed to get Proton Mail right, but only one is bothered to use it, and only with me).

    Most people are not bothered, unless there is some very simple one button press to encrypt e-mail. And it seems, sadly, that the world is dependent upon Google to make this happen, mainly because there are so many Gmail accounts. If a Gmail user can't read an encrypted e-mail, then you can't send an E2EE mail to them (yes, I know Proton and Tutanota have workarounds where the Gmail user clicks to log in and enters a password to read the mail. But those are great phishing opportunities against non-tech users too).

    So, it does come down again to Big Tech, unfortunately, to decide whether average users will ever be able to have truly private and secure e-mail, as well as interoperability between instant messengers (my previous post about WhatsApp is what I'm referring to).

    Certainly, all the technology has long existed, but the biggest user bases are 'stuck' in Big Tech services, and there is no easy way for them to adopt the alternatives en masse. Whilst they feel (or don't feel should I say) trapped there, they hold everyone else back too, and your E2EE e-mail is meaningless when you have to still send plain text e-mails to so many Gmail users. E-mail takes two or more parties to send and receive e-mail.

    I'm only speculating here, but I'm suspecting Google is in no hurry to provide proper E2EE e-mail for Gmail users as it is a treasure trove of information about travel habits, medical details, banking details (less often now), relationships, and much more that is all open to analysis. Google certainly does scan e-mail, as their TOS state they do this to detect viruses and malware, to provide search in e-mail, and 'to provide you personally relevant product features'. Gmail would likely have to become a paid service to make E2EE worthwhile for Google.

    You either have complete privacy and pay for every service, or you lose privacy for those free services. The majority of users are still opting for free services.

    See https://www.androidpolice.com/gmail-send-encrypted-emails/

    #technology #Gmail #privacy #E2EE

      Xiaomi Watch 2 Pro with Wear OS to compete with Samsung Galaxy Watch 6: As much to offer but costs less

      news.movim.eu / gadgeteerza-tech-blog • 29 September 2023 • 1 minute

    The Watch 2 Pro is Xiaomi's first smartwatch to run Wear OS. It is a properly high-end smartwatch with a 1.43-inch OLED screen inside a 46mm stainless steel case with an IP68 rating. It also features a digital crown, similar to the Apple Watch and the Pixel Watch.

    Qualcomm's 4nm Snapdragon W5+ Gen 1 chip powers this smartwatch. It comes with a 65-hour battery life promise, higher than the Galaxy Watch 6's 40-hour claim but lower than the Galaxy Watch 5 Pro's 80-hour figure.

    Xiaomi's new smartwatch can also measure body composition, which was earlier only available on Galaxy Watches. It also features blood oxygen measurement, heart rate tracking with high heart rate notifications, sleep tracking, and stress measurements. It has dual-frequency GPS, though, which is not available on any Galaxy Watch, and it offers more accurate location tracking.

    So, all in all, very interesting, and it is high time there was better competition in the Wear OS market. It lacks ECG functionality, and we'll have to see how it does in the real world for heart rate tracking. So far, only the Huawei watch is close to Apple Watch territory when it comes to really accurate heart rate tracking (my own Galaxy Watch has shown rather disappointing results for exercise tracking). The Huawei watch, though, had its NFC payments functionality pulled in my country, and that was a bit of a dealbreaker for me (and interestingly, the linked article does not mention anything about NFC on the Xiaomi watch).

    The Wear OS watches have not had really great battery life, like the Huawei watch does, which runs its own OS. I get about two and a half days off my Galaxy Watch, but I feel it could be better.

    So, I'm going to be very interested to see the hands-on reviews of this watch, as well as the objective health tracking tests.

    See https://www.sammobile.com/news/xiaomi-watch-2-pro-wear-os-launched-compete-galaxy-watch-6

    #technology #WearOS #Xiaomi
