I have my browser set to clear everything when it’s closed. Both on mobile and on desktop. I would never have it any other way. God forbid someone hacked your PC…can you imagine of they had access to your browser that was logged into every single major account?
Well, that’s why I have a strong user password and disk encryption :)
Even if they were able to login, I use a heavily customized window manager, keyboard-shortcuts based, and unless they really knew what they were doing, they wouldn’t even know how to start the browser :))
Anyway, I get it could be a security issue, but I use so many websites daily, for both work and private… All (almost) with 2FA/TOTP, too. I would go nuts if I had to re-authenticate every time I restarted my browser.
I do take a few measures for privacy. I use separate workspaces for private/work and container tabs, separated for generic/work/amazon/google etc. I also have a few extensions that block ads, trackers, cookies, social integrations, etc. I don’t use any social platform (except lemmy). When I create an account on a website, I use a random/dedicated email account and/or username, with an obscene password that I will never know/see, my password manager handles that.
I work from home, and in my network I use a custom DNS setup, with firewall rules to force DNS requests to only go through my router (no direct connections from hardcoded ips). As an upstream DNS, I use Cloudflare’s 1.1.1.2/1.0.0.2, adding yet an extra filter. No ports are opened on my network, no remote access possible. For downloading Linux isos, I have a private VPN connection to a buddy in another country.
Don’t get me wrong, I’m not saying my setup is unbreakable, there are people out there with the skillset to take anything down. I don’t think I upset anyone that much though :)
If anyone has any ideas on how to be more secure, while not getting inconvenienced, I would love to hear them!
It’s definitely a potential security issue, but I don’t really think it’s realistically a large one. Hell, a keylogger would probably be worse for you than for me because I hardly ever actually enter passwords.
Then you get the dumb websites saying “we don’t recognize this device.” I can’t stand that. Especially while I’m using Passkeys to log in, like how are you this paranoid as a web developer not to realize that?
I’m a web developer myself armed with a VPN, and I’m tired of being hassled on others’ websites. Security based solely on IP address is lame.
I have my browser set to clear everything when it’s closed. Both on mobile and on desktop. I would never have it any other way. God forbid someone hacked your PC…can you imagine of they had access to your browser that was logged into every single major account?
Firefox temporary tabs extension
Well, that’s why I have a strong user password and disk encryption :)
Even if they were able to login, I use a heavily customized window manager, keyboard-shortcuts based, and unless they really knew what they were doing, they wouldn’t even know how to start the browser :))
Anyway, I get it could be a security issue, but I use so many websites daily, for both work and private… All (almost) with 2FA/TOTP, too. I would go nuts if I had to re-authenticate every time I restarted my browser.
I do take a few measures for privacy. I use separate workspaces for private/work and container tabs, separated for generic/work/amazon/google etc. I also have a few extensions that block ads, trackers, cookies, social integrations, etc. I don’t use any social platform (except lemmy). When I create an account on a website, I use a random/dedicated email account and/or username, with an obscene password that I will never know/see, my password manager handles that.
I work from home, and in my network I use a custom DNS setup, with firewall rules to force DNS requests to only go through my router (no direct connections from hardcoded ips). As an upstream DNS, I use Cloudflare’s 1.1.1.2/1.0.0.2, adding yet an extra filter. No ports are opened on my network, no remote access possible. For downloading Linux isos, I have a private VPN connection to a buddy in another country.
Don’t get me wrong, I’m not saying my setup is unbreakable, there are people out there with the skillset to take anything down. I don’t think I upset anyone that much though :)
If anyone has any ideas on how to be more secure, while not getting inconvenienced, I would love to hear them!
It’s definitely a potential security issue, but I don’t really think it’s realistically a large one. Hell, a keylogger would probably be worse for you than for me because I hardly ever actually enter passwords.
Then you get the dumb websites saying “we don’t recognize this device.” I can’t stand that. Especially while I’m using Passkeys to log in, like how are you this paranoid as a web developer not to realize that?
I’m a web developer myself armed with a VPN, and I’m tired of being hassled on others’ websites. Security based solely on IP address is lame.