▲ 2 r/GMail

Google account security setup

Hey,

I’ve been tightening up my digital security lately and just went through my Google account’s sign-in settings. Here’s where I’m at :

• 2-Step Verification (on)
• Passkey set up
• Strong password
• “Skip password when possible” enabled
• Authenticator app (OTP through 1Password)
• 10 backup codes generated and stored safely in 1Password

Not yet set up:

- Recovery phone number
- Recovery email (currently unverified)
- Recovery contacts
- Google Prompt
- 2-Step Verification via phone
- Enhanced Safe Browsing (not enabled in Chrome)

Where I’m hesitant:

I’ve read a lot about SIM swapping being a real risk with SMS-based recovery/2FA, so I’ve been avoiding adding a recovery phone number, thinking it might introduce a weak point rather than close one. Same logic made me skip “2-Step Verification phone” as an option.

I’m also unsure about Enhanced Safe Browsing — I get that it improves malware/phishing detection, but I assume it means sending more browsing data to Google in exchange. Not sure if that tradeoff is worth it for someone who isn’t super exposed (I don’t work in a sensitive field, just a regular user trying to be careful).

My actual questions:

  1. Is skipping the recovery phone a smart move given the SIM swap risk, or am I overthinking it since it’d only be used as a last resort (not an active 2FA method) ?

  2. Is an unverified recovery email actually a real risk, or low priority since I already have passkey + OTP + backup codes as my main methods ?

  3. Anyone actually use Google Prompt day to day ? Worth turning on ?

  4. Enhanced Safe Browsing worth the privacy tradeoff, or is regular Safe Browsing good enough for a normal user ?

  5. Is there anything in this list that you’d consider mandatory rather than optional, given what I already have active ?

Trying to get my setup as close to “solid but not paranoid” as possible. Would appreciate hearing what others have actually configured and why.

reddit.com
u/Positive-Rub4930 — 6 hours ago

Question système cybersecurité (1password, yubikey, passkey..)

Bonjour,

J’ai plus de 300 comptes, plus ou moins important, étant producteur de musique j’ai la nécessité d’ouvrir pas mal de comptes pour télécharger/ me renseigner sur des plugins ext.. j’ai aussi pas mal de compte sur des sites marchands type Fnac et j’en passe.. évidemment mes comptes les plus importants liés à la santé, le gouvernement, mes comptes Google, et j’en passe.

Pour gérer tout ça j’ai depuis un moment un gestionnaire de mot de passe, personnellement j’utilise 1Password, je sais qu’il existe d’autre gestionnaire moins chère, peut être mieux sur des aspects, mais j’aime bien 1password, c’est simple efficace sa fonctionne et l’interface est très épuré.

Tout mes mots de passe sont différents pour chaque compte, par contre le hic c’est que tout mes comptes sont liés à un gmail que j’utilise depuis le collège.. je vais changer ça petit à petit avec en priorité mes comptes les plus à risque, vous me conseiller de procéder comment ?

À chaque fois qu’un passkey est disponible je l’active, donc sur mon compte Google, Microsoft ext j’ai un keypass.

J’ai aussi activé l’authentification à double facteur à chaque fois que c’est disponible, si c’est via otp j’enlève systématiquement via sms.

Enfin j’ai tout mes mots de passe dans 1password mais aussi dans Apple mot de passe, est ce une bonne chose à faire, dans l’idée ça serai d’avoir un backup mais niveau sécurité est ce contre productif ?

Si quelqu’un de calé pourrait me dire si je m’oriente vers la bonne direction, je suis complètement novice dans le domaine de la cybersecurité, par contre c’est un sujet qui m’intrigue et que je trouve important, si vous avez des conseils n’hésitez pas je veux au maximum améliorer mon setup sans rentrer non plus dans un système complexe.

Je pense que l’étape d’après sera d’acheter une yubikey et de lock mon 1password, et mes compte les plus important.

Merci pour votre temps !

reddit.com
u/Positive-Rub4930 — 8 hours ago

Complete email setup overhaul iCloud aliases + Hide My Email looking for feedback

Hey,

I've been reading up on cybersecurity quite a bit these past few weeks, and I've realized my email setup is the weak link in my system, even though everything else is fairly solid.

Current situation:

- 1Password with ~250 accounts, all with unique passwords rated "fantastic," Watchtower looking great

Passkeys enabled everywhere possible

- But... almost all 250 accounts are tied to 1-2 Gmail addresses (a main one from middle school, and one dedicated to audio plugin licenses I created 3 years ago)

- I'm 100% in the Apple ecosystem (iPhone, Mac, Apple Watch, iCloud+ 2TB)

- For email I've used Spark for years: smart inbox, clean Ul, everything in one place - but they've added Al features I don't use plus some bugs since, and the subscription is starting to feel like a burden. Apple Mail recently added "Send Later, so I'm considering switching to something simpler

What I've figured out / where I'm at:

At first I thought I'd need to create a different email address for every single account (not feasible, I don't have a year to spare for that). Then I discovered aliases, Proton Mail, SimpleLogin, and especially iCloudt's Hide My Email, which I already have access to through my subscription.

The system I'm considering:

A main iCloud address (never exposed publicly, given only to close family), and stable Hide My Email aliases organized by life category: health, finance, government, music licenses, collabs, school, transportation, tech/ gaming, entertainment/streaming. For shopping and classifieds, a disposable alias per site or per transaction.

My questions:

1. Does this system hold up long-term? Has anyone used Hide My Email for several years and can share their experience ?

2. Is having this many categories overkill, or not granular enough?

  1. For migrating the existing 250 accounts — my plan is to actively migrate the ~25 critical ones, and handle the rest gradually whenever I naturally log into them, with Gmail forwarding running in parallel in the meantime. Is that the right approach ?

  2. I'm planning to stick with 1Password for now (cross-platform, passkeys, Watchtower), and switch to Apple Passwords once it's more feature-complete in a few years. Any thoughts on that transition ?

5. Has a got a similar setup that works well ? What would you change ?

Thanks in advance I'm looking for something simple, secure, and that l'Il still be using 20 years from now.

And yeah I'm considerating yubikey, but i want to have advice before investing in it, thanks for all of you, thanks geek:)

reddit.com
u/Positive-Rub4930 — 2 days ago

Complete email setup overhaul iCloud aliases + Hide My Email looking for feedback

Hey,

I’ve been reading up on cybersecurity quite a bit these past few weeks, and I’ve realized my email setup is the weak link in my system, even though everything else is fairly solid.

Current situation:

1Password with ~250 accounts, all with unique passwords rated “fantastic,” Watchtower looking great


Passkeys enabled everywhere possible

But… almost all 250 accounts are tied to 1-2 Gmail addresses (a main one from middle school, and one dedicated to audio plugin licenses I created 3 years ago)

I’m 100% in the Apple ecosystem (iPhone, Mac, Apple Watch, iCloud+ 2TB)

For email I’ve used Spark for years : smart inbox, clean UI, everything in one place — but they’ve added AI features I don’t use plus some bugs since, and the subscription is starting to feel like a burden. Apple Mail recently added “Send Later,” so I’m considering switching to something simpler

What I’ve figured out / where I’m at:

At first I thought I’d need to create a different email address for every single account (not feasible, I don’t have a year to spare for that). Then I discovered aliases, Proton Mail, SimpleLogin, and especially iCloud+’s Hide My Email, which I already have access to through my subscription.

The system I’m considering:

A main iCloud address (never exposed publicly, given only to close family), and stable Hide My Email aliases organized by life category: health, finance, government, music licenses, collabs, school, transportation, tech/gaming, entertainment/streaming. For shopping and classifieds, a disposable alias per site or per transaction.

My questions:

1. Does this system hold up long-term? Has anyone used Hide My Email for several years and can share their experience ?

2. Is having this many categories overkill, or not granular enough ?

3. For migrating the existing 250 accounts — my plan is to actively migrate the ~25 critical ones, and handle the rest gradually whenever I naturally log into them, with Gmail forwarding running in parallel in the meantime. Is that the right approach ?


4. I’m planning to stick with 1Password for now (cross-platform, passkeys, Watchtower), and switch to Apple Passwords once it’s more feature-complete in a few years. Any thoughts on that transition ?

5. Has anyone got a similar setup that works well ? What would you change ?

Thanks in advance I’m looking for something simple, secure, and that I’ll still be using 20 years from now.

And yeah I’m considerating yubikey, but i want to have advice before investing in it, thanks for all of you, thanks geek :)

reddit.com
u/Positive-Rub4930 — 2 days ago

Looking for the best 32” 4K OLED 240Hz monitor (~$800 budget) – torn between 3 models

Hey everyone,
I’m currently looking for the best 32-inch 4K OLED 240Hz monitor within a max budget of around 800€.

I recently bought a LG G4 65”, which is absolutely amazing in terms of image quality… but unfortunately way too big for my bedroom setup. So I’ve decided to switch to a monitor instead.

My use case :

Gaming on PS5 (mainly)

Connecting my MacBook Pro M1 Max for work / editing / daily use

And in about a year, upgrading to a high-end gaming PC
The idea is to keep this display for a long time, ideally until OLED monitors become more “TV-like” in terms of brightness/HDR (closer to high-end TV nits), but I assume that will still take a few years.

Right now, I’m hesitating between:
MSI MPG 321URX (~640€)
MSI 322URX (~740€
ASUS PG32UCDM (~800€)

For those who have tested or compared these, is the ASUS really worth the extra ~150€ ? Or is the 321URX already the best value choice ?

Thanks in advance

reddit.com
u/Positive-Rub4930 — 6 days ago

Can’t export Raycast settings

Does anyone have this problems, i would like to export my Raycast settings & data to try the beta but it doesn’t work, « The data couldn't be read because it isn't in the correct format » .. I exported the way it’s should be, thanks for the help if someone have the time to advice me.

u/Positive-Rub4930 — 7 days ago