I get that it’s supposed to make things more secure, but it feels like a constant chore every time I try to log in somewhere. Grab a code from my phone. Check my email. Open an authenticator app. Repeat this process for every single account, over and over.

I know there are tools like YubiKey that are supposed to make 2FA easier, but the reality is that most websites don’t even support them.

I already use a password manager, and all my passwords are long, randomized, and secure. Is there something I am missing that makes this easier, or is this just as infuriating for everyone else?

Hi all. I need to set up an outdoor CCTV camera and since there seem to be a hundred different brands and as many pitfalls I'm wondering if anyone here can help me navigate that minefield. I have zero experience.

I have the following basic requirements:

• Waterproof: It's outdoors, it will be rained on, plus there will often be high humidity, pollen and dust. It should not get fogged up. (IP66 or higher I think?) This also means there shouldn't be exposed plugs, otherwise it's not really waterproof.
• NOT battery powered. If there's a battery power option, battery degradation shouldn't prevent the camera from working, since otherwise that will massively impact longevity. I'm looking for something that can be wired directly to AC power.
• Wifi support: Comms cannot be wired in this installation. Norm will probably be n (2.4ghz) but ac+ should ideally be supported for future proofing.
• I probably can't buy it if it's not available in Europe (this often excludes some american startups).

With regard to what happens to the footage:

• I think IP streaming would be ideal?
• Abso-fucking-lutely no "cloud" based services. I have no interest in having to bounce footage through the US or china, or paying a monthly fee for unnecessary nonsense. I'm afraid of brands not being clear about this being a requirement before I spend my money.
• Some brands seem to have their own "server"/hub hardware? Why? No! I already own computers, so I don't need to waste money on a proprietary unitasker for talking to my camera.
• I think there are some open standards for camera streaming and open source software for handling the cameras. Support for these would be great. I'm accepting software recommendations too.
• I'm not in theory opposed to SD card support, but I'd rather not have to use local storage at all, and don't mind if it's not an option. If a setup requires storing in an SD card and then reading from it that's not the worst, I suppose (it's not that expensive to replace dead SD cards once every few years).

Optional bells and whistles:

• There is some illumination in the location at night, but some form of night vision would be highly desirable. Optional built in lights are probably also a good idea.
• Microphone is a nice plus.
• Motion detection and human tracking are a nice plus. The camera doesn't have to rotate 360 degrees; probably a ~60 degree angle of vision would be plenty. At the extreme, I'd say more than ~120 degrees is literally useless due to obstacles. (Obviously if an ideal solution has full rotation, I'll just take it.)
• Resolution+framerate (bitrate) can be as high as wireless-n can comfortably handle, but I don't really think I need more than 1080p.

Thanks in advance if anyone knows enough to be able to help.

This Lifehacker article recommending Ente Auth reminded me that I am looking to migrate off Authy to something else.

I thought I would see what Tilderinos are using:

• What do you use, and do you like it?
• How do you deal with syncing?
• Do you only generate codes on your phone, or do you use a desktop app too?
• What questions should I be asking that I didn't ask?

Could someone please recommend a text messaging app for Android that is reasonably secure?

Verizon is discontinuing their native texting (SMS) app. They recommend switching to Google Messages, but I would not like Google to have access to my entire text messaging history. I tried Signal, but my old messages don't transfer over (minor problem), and almost none of my family are willing to switch to Signal (big problem). When I search for advice, I get a bunch of AI slop articles and advertisements. So I figured I might have better luck asking here: Is there any text messaging app for Android that works well and isn't going to hoover up all my data?

Hi Tilderinos,

I head up a small startup and we're looking to get some support for our data security. Up until now we've worked with small mom and pops that didn't have any requirements, but a few of our new clients have full data security teams and our infrastructure and policies/protocols aren't up to snuff. We reached out to a few consulting firms and they quotes us between $80-100k to get things set up and run us through a full SOC2 review. As a small company we don't really have that type of budget, more like $40-50k. I stumbled upon Vanta and Drata as alternatives and had meetings with their sales folks last week. Both of their offerings from setting up our protocols to monitoring and getting us through a SOC2 were only $16k.

Are platform based companies like Vanta or Drata enough to get us off the ground while we're still getting set up? Has anyone worked with them before and have any feelings one way or the other? Should we be signing on with a security consulting company - be it at a lower rate if we can negotiate it?
This is all quite new to me and any insight folks here can provide would be incredible useful.