I shared a version of this guide earlier this year, but felt a website was needed to unpack the different options fully. So after an unreasonable number of hours, I put together the necessary data and website.
I hope this is digestible enough for the average person to help those looking to take that first step, or for people who are equally passionate and want to get their friends or family involved.
Details:
- Site - https://purchasewithpurpose.io/
- Code - https://codeberg.org/purchase-with-purpose/pwp-website
- Community - https://lemmy.world/c/PurchaseWithPurpose
Every time I post these guides, there is always feedback on things that can improve, or I got wrong. Please do share, as it is the best way for these to evolve!
Oh, what do they secure more?
I have a system, I do change it sometimes, and it’s simple for me to remember, but makes strong passwords.
Security questions. For me to log into my income tax portal, I need to answer 1 of 5 questions. None of the answers to their questions are something that can be looked up in breach data - for example “Name your first love” my answer could be “the moon”. I log into this once a year so forgetting my fake answers is a real possibility.
Medical information about my family such as current prescriptions and allergies.
My password manager also can create email aliases.
Basically, anything that needs to be kept secure, private, and accessible.
Here’s a simple question. Isn’t 2-factor login safer than what you describe there?
Why would you need aliases? Do you often login to places that is so insecure?
Well, seems like you have a hard time with security. Me, I manage with 2-factor and my password system, that makes me have unique passwords for every site or app I need… :-)
2FA isn’t an option for my income tax portal but would be a safer option.
Aliases are used so I never share my actual email address. If any service I sign up with starts spamming, I know that email has been compromised (probably in a breach) or the service spams their users.
Security is very easy for me. Password managers are the norm among the privacy/security community.
And yet some of those managers has been breached and is continuously targeted, because they are a security risk in themselves.
Strange to have a tax portal with poor security.
They also have something they call a “2fa grid”. Its a picture they send out once a year to citizens with 12 groups of 3 letters. They ask me to enter the letters from three of the boxes. Not an industry standard method for sure. Signing into the portal is probably the most difficult of all my accounts.