ProtonMail Web Client VS Bitwarden

The source code is here https://github.com/ProtonMail/WebClients

> Finally, in keeping with our long track record of transparency, Proton Pass is open source so anyone can review and verify our security architecture

They sure do enjoy writing that sentence without including any hyperlinks. This (https://github.com/ProtonMail/WebClients/tree/main/applicati...) appears to be the browser extension and https://github.com/ProtonMail/WebClients/tree/main/packages/... appears to look like the backend referenced in the extension's readme, but that directory's readme is zero bytes so (shrug)

Fork the frontend and make your own lightweight option

PS: I hope that we selfhosters will have a modern, efficient, easy to use mail suite one day with modern features like JMAP, good self-learning spam integration, automated checks and validations for SPF/DMARC/DKIM or whether the IP/host suddenly appears in a blocklist and integrated encryption at rest for emails. Something that isn't 30 services in a container image, with 30 different configuration styles. Maybe even with an API integrated that's compatible to the ProtonMail frontend (like the neutron server once intended to be). Anyway, I'm sorry for dreaming. ;)

And if you want to customize it further you can use Stylus to add custom CSS, Tampermonkey to add JS, or even modify the whole thing yourself from source (if you run it locally it syncs with your actual account).

There are lots of useful End to end encrypted webapps such as Protonmail, cryptpad, cryptee and many others. And part of why we trust them is that the client side code is open source, so we can see that end to end encryption is really going on and is really secure. Its impossible to verify what code they are running in their server, but if the data we send them is already encrypted we can rest easy.

For passwords and 2FA I use Bitwarden in combination with a self-hosted Vaultwarden service (for imcreased security and use of pro features for free).

First it's good to use a password manager, however it's not a good idea to use the one built into your browser. I would suggest switching to BitWarden or similar (not LastPass).

I just noticed today when relogging in on Bitwarden (I couldn't sync my vault) that it said "Logged in as [email] on __$2__" instead of "Logged in as [email] on bitwarden.com". I don't know why or how that happened, and I have no idea what it means. Did I screw up somehow? Just to be clear, I did login and just after I logged in my brain realized that it said "__$2__" instead of what it should say.

bitwarden:~$ sudo ./bitwarden.sh updateself _ _ _ _ | |__ (_) |___ ____ _ _ __ __| | ___ _ __ | '_ \| | __\ \ /\ / / _` | '__/ _` |/ _ \ '_ \ | |_) | | |_ \ V V / (_| | | | (_| | __/ | | | |_.__/|_|\__| \_/\_/ \__,_|_| \__,_|\___|_| |_| Open source password management solutions Copyright 2015-2023, 8bit Solutions LLC https://bitwarden.com, https://github.com/bitwarden =================================================== bitwarden.sh version 2023.10.3 Docker version 24.0.7, build afdd53b Docker Compose version v2.21.0 Updated self. bitwarden:~$ sudo ./bitwarden.sh update _ _ _ _ | |__ (_) |___ ____ _ _ __ __| | ___ _ __ | '_ \| | __\ \ /\ / / _` | '__/ _` |/ _ \ '_ \ | |_) | | |_ \ V V / (_| | | | (_| | __/ | | | |_.__/|_|\__| \_/\_/ \__,_|_| \__,_|\___|_| |_| Open source password management solutions Copyright 2015-2023, 8bit Solutions LLC https://bitwarden.com, https://github.com/bitwarden =================================================== bitwarden.sh version 2023.10.3 Docker version 24.0.7, build afdd53b Docker Compose version v2.21.0 Update not needed bitwarden:~$

Bitwarden (version 8588): A secure and free password manager for all of your devices.

I would also recommend the use of a password manager such as Proton Pass, BitWarden or 1Password if your looking for a more premium solution.

Use a password manager if you do not already and have it generate unique passwords for every website. Bitwarden is one of the best. You should NEVER reuse passwords and should always use unique passwords. It may be inconvenient at first but a password manager like Bitwarden really does make it a whole lot more convenient. Your e-mail especially should have its own unique password. You should also use two-factor authentication on any website that offers it. If you do not have a good AV on your computers, Bitdefender and Kaspersky both offer free options. The website https://haveibeenpwned.com/ is a good place to check if your credentials have been in a data breach.