This apparatus was recommended by Gemini. I've been using Cruelsister's Comodo configuration for a few years, and asked for companion apps to cover potential gaps in security. NextDNS, Osprey, and uBOL block known malicious domains and exploit tactics, Defender with ConfigureDefender blocks in-memory execution and injection, Hardentools disables common script hosts, and Comodo can catch unknown binaries and scripts that manage to bypass everything else and cripple persistence with Auto-Containment.
I like Proton Pass because, even though it is a cloud-based service, I only have to key the master password once, which I can do on a dedicated iPhone with Lockdown Mode enabled. Afterward, new logins are authorized via QR codes, and a PIN to unlock. I use a Soyes XS15 mini phone for TOTP in Aegis. I downloaded the APK on my computer, copied it to the microSD card, and installed it offline. The phone has no cell service or Wi-Fi passwords, and airplane mode stays on. Whenever I create a TOTP token (including for Proton Pass), I boot into Tails Linux on a Kanguru flash drive with physical write-protect switch, hop online, set up TOTP, kill the connection, and reboot.
After adding/updating a TOTP seed, I back up Aegis to an encrypted .json file, copy it to the microSD card, insert it in the computer's card reader, create a SHA-256 checksum, upload a copy to Proton Drive with a different account, download it again, save copies to a couple of external HDDs, verify the last copy against the checksum, delete all the accounts in Aegis, and restore from the backup to test it.
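Added example, not part of the original post: the checksum step above in Python, generalized to verify every copy against the recorded SHA-256 rather than only the last one, and to confirm the export is the encrypted form before it leaves the machine. All file names and sample contents are constructed; the layout check (`db` stored as a string, non-empty `header.slots`) is an assumption about the Aegis vault export format.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream the file so large backups are not loaded into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def looks_encrypted(path):
    """Assumed Aegis layout: an encrypted export has 'db' as a base64 string
    and at least one key slot; a plaintext export has 'db' as a JSON object."""
    try:
        vault = json.loads(Path(path).read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return False
    header = vault.get("header") if isinstance(vault, dict) else None
    return (isinstance(header, dict) and bool(header.get("slots"))
            and isinstance(vault.get("db"), str))

def verify_copies(original, copies):
    """Hash the original once, then report ok / MISMATCH / missing per copy."""
    expected = sha256_file(original)
    results = {}
    for copy in map(Path, copies):
        if not copy.is_file():
            results[str(copy)] = "missing"
        elif hmac.compare_digest(sha256_file(copy), expected):
            results[str(copy)] = "ok"
        else:
            results[str(copy)] = "MISMATCH"
    return expected, results

def demo():
    """Constructed data: one good copy, one truncated copy, one absent copy."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        src = d / "aegis-backup.json"
        src.write_text(json.dumps({"version": 1, "db": "Y29uc3RydWN0ZWQ=",
            "header": {"slots": [{"type": 1}], "params": {"nonce": "00", "tag": "00"}}}))
        plain = d / "plain.json"
        plain.write_text(json.dumps({"version": 1, "db": {"entries": []},
            "header": {"slots": None, "params": None}}))
        (d / "hdd1.json").write_bytes(src.read_bytes())
        (d / "hdd2.json").write_bytes(src.read_bytes()[:-1])  # truncated copy
        _, res = verify_copies(src, [d / "hdd1.json", d / "hdd2.json", d / "cloud.json"])
        return looks_encrypted(src), looks_encrypted(plain), sorted(res.values())

if __name__ == "__main__":
    print(demo())
```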