I’m considering installing a password manager (like 1Password) on my Mudita Kompakt to make it easier to manage my logins without needing another device. I’m also thinking about using a 2FA app such as Authy for the same reason. I’m especially interested in hearing from anyone knowledgeable about security. Do you feel that installing a password manager or a 2FA app on the Mudita Kompakt is a safe and practical solution (or must I/we carry a second more secure device in tow always and manually input passwords / 2FA codes as needed)? I’d really appreciate any informed insights you may be able to share before making a decision.
Keep in mind that the MK is running an outdated OS and the dev team is not transparent about security patches nor do they seem to have a strong understanding of cybersecurity. So I would be hesitant to say “yes it’s safe” when we don’t even know how secure the phone itself is and there are exploits out there that allow attackers remote access to your device.
It also depends on what password manager you are using. They aren’t all created equal. I absolutely would not use browser-based managers (like when Chrome asks if you want it to save your password), but I don’t recommend using those on any device.
But in general, I would be comfortable putting a reputable password manager app on the phone if you can at least lock the app with a PIN as an extra layer of protection even if the phone gets compromised. Same with a 2FA app.
Why are you still saying it’s an outdated OS? I thought it was already explained. The way I’m understanding it: Mudita took Android 12 and used it as a donor to make its own OS - so now it’s something totally else.
Timelines bifurcated as a letter “Y” - on one side is Google upgrading and updating their OS, on the other Mudita doing the same with theirs - and the two shall never meet again.
What am I missing?
@stevenjc123 Good question. If you are super serious about it - to make it fully hack proof, disregarding phone OS as attack vector, would be using a Yubikey as a physical security step to protect both password manager and 2FA app. But I have no idea how it would work on the phone, as my main weapon is my workstation for those kinda things (and I’m still a beginner in security topics).
I wouldn’t put both on a Mudita Kompakt at the same time. Mostly because the device is not 100% secure, but also because then it misses the point of having 2 factors in the authorization process (like seriously, why do even some password managers have built-in 2FA codes support, it does not make sense to me…). Since I already use SMS for some services, I did put a 2FA app on my Kompakt (I use Ente Auth). But I know I’m taking a risk by doing that.
@stevenjc123 I talked to our team about this & they said that apps like Bitwarden Authenticator and Bitwarden Passwords, Proton Pass & Aegis are fine.
The only issue you will have is the app you want needs Google services.
Hi Urszula, thank you for checking and advising re compatibility. Re security, do you know if the MK (assuming you know what this means ;-)!) is compatible w/ USB security keys? I think this would give everyone an extra layer of assurance.
They have explained it and their explanation doesn’t track. They still used an outdated EOL version as their base and I don’t think it has actually changed enough to be “something totally else.” They have not shown a good grasp of cybersecurity in their actions or statements and there is no reason to believe that vulnerabilities in AOSP don’t exist in MuditaOS, especially when they refuse to be transparent about the vulnerabilities and patches. The phone lacks some basic security features that exist under AOSP. I’m still hoping someone can get Lineage working on it so I can have my degooglefied e-ink screen phone with an RF kill switch but also have a secure OS.
Ok, makes sense. The way the tech is progressing, the future will be either become an IT security person or get totally f… For most people it’s like leaving the front door open and refusing to lock it. Or living in the jungle without knowing which berries will kill you. When you cross the street, first look left then right and so on; when it comes to tech… oh forget about it.
I’m super curious and not lazy as a person but this stuff is a lot.
So far my security for dummies method is leave phone for talking with grandma or other low risk stuff.
Everything else is done on PC: hack me and steal my data/credentials - too bad it’s still useless without my Yubikeys.
And if I click/run something malicious - no problem, as every line of code I don’t manually approve goes straight to sandbox / “auto-containment” thanks to Comodo with CruelSister1 settings (if you don’t know about it - check it out - security’s best kept open secret - spoiler alert: all you need is the free version of the firewall but with proper settings).
Oh yeah and first rule of data and computers: “two is one and one is none” - at least one backup for everything important.
Still, I wish I knew what I don’t know (without changing my profession).
I’ll ask the team. I have one for my work laptop that uses a fingerprint, but it has a standard USB size port. How would you use that with Mudita Kompakt?
As someone who works in cybersecurity, same. My phone is for communications but important stuff is mainly done from my PC. And actually I used to use Comodo all the time. Are you sure you don’t want to change your profession? You sound way ahead of the average person on this.
Surely getting rid of Windows with all its security and privacy flaws, for something open source, should be the baseline, instead of attempting to “polish a turd”.
Don’t even get me started on Windows. I can’t stop using it - as some software I need is only on Win.
Got my firewall blocking some of Micro&soft snooping plus some time back I painstakingly learned how to set up those f…ing updates so now I’m in charge of what runs and when.
I agree totally with you re Windows. I have moved all but one of my devices off it a long time ago; my only Windows computer runs CAD software that is Windows specific, it’s permanently offline, and has updates disabled in the registry.
I think it’s good to be a little paranoid. I’m also looking more closely at what I do online, and asking myself if I am leaving a trail of breadcrumbs behind. Personally I don’t mind not being able to log into YouTube; I never comment on videos, and make my own playlist offline, using hyperlinks. Crude, but it works well and they can be categorised the same. I’m slowly scrutinising everything, and trying to make steps in the right direction.
I have a couple of Gmail accounts that I’ve had for years, which I need to address. I use my old phone to log into them; as you say, they are terrible tracking tools.
I will look at using Yubikey and 1Password a little further, thanks for the advice.