I have recently noticed an uptick in phishing emails and SMSs, getting me to click on some malicious link and this has been troubling me.
I am fairly good about what I click and so far I haven't clicked anything malicious (I think). However, this has motivated me to up my online security.

All my computers run Linux and I use an Android phone.

For browsing I use Firefox, with NoScript (and uBlock) and use containers for separating personal/shopping sites, etc.
I also have host file blocking on my computers and phone (using AdAway).

I do have a pi-hole setup at home as well.

I also have 2FA setup on all my banking accounts, email accounts etc.
However all my banking account 2FA is still just using SMS. Which I think is now easily circumvented.
Email accounts do use Authenticator apps (like Authy and Google Authenticator).

I also use a password manager (this one), which works well for me, but is only available on my computer and not from my phone. I am split between having my password manager available on my phone tho, since it is always on me and could be stolen or have something malicious installed on. What do you guys think? I am wary of services like LastPass, is that valid?

So I wanted to start a thread to discuss what do you guys do to stay safe online?
I am also considering getting a pair of Yubikey (one backup), are there any caveats/pitfalls I need to be aware of with Yubikey?

First, some context. The latest from the US justice department saying that they will be focusing on finding "ANTIFA leaders" is incredibly troubling for anyone involved in leftist groups. I foresee a lot of good activists, regardless of how far left they actually are, arrested on trumped up charges in order to squash opposition.

Organizing is essential to resist fascism. This is made more difficult by the pandemic, as in person meetings bring a huge, almost unacceptable risk. As such, many orgs have been turning to platforms like Slack instead. Trouble is, Slack logs are not encrypted and I am certain that as a business based in the US Slack will not put up a fight to keep user data safe if the feds come calling.

I'd like to collect a decent list of alternatives. Important factors include encryption, ownership, open source status, ease of use, federation, scalability, hosting, cross platform, and anything else you can think of.

What started out as a little facetious in my own head leads me now to a serious question. Is there some meaningful reason why Google has to use a subsection of images for reCAPTCHA? I really dislike having to do this and at the very least would appreciate some variation.

• Traffic Lights
• Buses
• Bicycles
• Cars
• Crosswalks

Is there something special about these things in this context? Is the visual noise they're usually associated with what makes them good candidates? Are Google just really into urban planning? Who knows...I'm hoping some Tilder smarter than I can help me out.