Coming up on this week’s episode of Destination Linux: Google & Canonical are teaming up to bring Flutter to Linux for a cross-platform game changer. How Important is Disk Encryption & Security Keys – should you be using them or do you just prefer being hacked? We’ve got community feedback, a DRM FREE Game called Drox Operative and our beloved tips/tricks and software pick. All of this and so much more on this week’s Destination Linux.

Hosts of Destination Linux 182:

Michael of TuxDigital = https://tuxdigital.com
Ryan, aka DasGeek = https://dasgeekcommunity.com
Noah of Ask Noah Show = https://asknoahshow.com

Want to Support the Show?

Support us on Patreon = https://destinationlinux.org/patreon
Support us on Sponsus = https://destinationlinux.org/sponsus
Destination Linux Network Store = https://destinationlinux.network/store

Want to follow the show and hosts on social media?

You can find all of our social accounts at https://destinationlinux.org/contact

Sponsored by: do.co/dln
Sponsored by: bitwarden.com/dln

Segment Index

Comments

  1. Your security thoughts about MFA, and SMS and authenticator auth is not secure enough. My gosh I think you guys live with tinfoil hat on your head. Yes what you said is probably true and relevant when someone is a high value target or a corporation with millions of dollars at stake.

    But for Joe Schmoe out there, the chances his phone’s sim will be targeted and the hacker will also have access to Joe Schmoe password to the particular website is small to nill.

    Instead of pushing all this “don’t trust MFA unless hardware based” is just nonsense for most people out there. Instead push people to use secure passwords and change the passwords every 3-6 months. That mixed with MFA with whatever mechanism - is good enough.

  2. I get why you would not want to use Google Auth or Authy but what about opensource OTP clients on android like freeotp+, Aegis Authenticator , or on flathub there is also OTPClient.
    I think especially because these can be used completely offline as long as the clock is synced they are not a bad option even if they are not as secure as yubikey.

  3. Yeah, your situation might be different. I trust Bitwarden. They’re an OSS product so I feel like if they were up to anything shady it would show in their code. Your threat vectors might be different, so I understand if you wanted to self-host.

  4. You can also selfhost your vault in Bitwarden. That’s on my to-do-next on my NAS :slightly_smiling_face:

  5. In my case, I pay for Bitwarden because I want to support the project. I wish more FOSS software had an easy way to contribute.

Continue the discussion at discourse.destinationlinux.network

16 more replies

Participants