feat: Adds Security notes.

.prettierrc.yaml

@@ -0,0 +1,2 @@
+proseWrap: always
+printWidth: 80

Security/PasswordManager.md

@@ -0,0 +1,80 @@
+# Password Manager
+
+This document describes my current password manager along with past managers.
+
+## Proton Pass
+
+My current password manager of choice is Proton Pass, this is where all
+passwords have been migrated to starting late 2024.
+
+Proton pass also stores 2Fa secrets and recovery codes for services that I use
+2Fa with, however I do _NOT_ use Proton Pass for TOTP codes, that is done with
+the Yubikey Authenticator app.
+
+### Positives of Proton Pass
+
+- Email aliases
+- Uses PGP encryption (however they hold the private keys).
+- Includes apps for macOS and iOS (my primary operating systems).
+
+### Downsides of Proton Pass
+
+- Keyboard shortcuts (it has none).
+  - To work around this, I install as a PWA (progressive web app), and use the
+    Vimium extension to navigate with keyboard.
+- Vendor lock in
+  - Requires a subscription, but I use their mail client / services anyway.
+
+## Yubikey Authenticator
+
+Yuibikey Authenticator is used with my yubikey's. It stores passkeys, my `pgp`
+keys, signing certificates, etc. It is used to require a hardware bound device
+to important services that I use, such as banks, iCloud, etc.
+
+All TOTP (time based one time passwords, the 6 digit codes they ask for when
+using two factor authentication [2fa]) should be managed by Yubikey
+Authenticator. They were previously managed in Proton Pass, however using a
+yubikey requires the hardware key to be in my possession and activated with a
+security pin in order to use the TOTP values.
+
+The 2Fa secrets are stored in Proton Pass, so that they can be setup on my
+backup yubikey and / or setup on other password managers in the future, if
+desired.
+
+> Note: As of the time of this writing, I'm very new to using yubikey's so I
+> don't have good pros / cons of this solution yet.
+
+## Gopass
+
+Gopass is terminal based password manager that uses `pgp` encryption.
+
+Gopass stores passwords in `git` repositories, all passwords are encrypted with
+my `pgp` keys. This stores passwords that I want / need to get to quickly and
+easily when working in my terminal. It is not a complete list of passwords as
+there's not great integrations with browsers.
+
+Most passwords I store in Gopass are duplicated to Proton Pass as that is a more
+user friendly interface in the event that something happens to me and someone
+else needs to access my passwords.
+
+`Gopass` is where most passwords are stored for internal services that run on
+the company servers. It does require that `pgp` keys are setup to use it, which
+may be more useful now that the `pgp` keys are stored on my yubikey's, however I
+could not completely rely on this password manager (especially when setting up a
+new computer) because I don't initially have access to `gitea` (my internal git
+server) until some setup is done on a new machine.
+
+### Cons of Gopass
+
+- If you lose access to your `pgp` keys you will loose access.
+- Migrating to new `pgp` keys is a bit of a PITA.
+
+## Previous Password Managers
+
+- pwSafe (still has some company passwords stored in it from when the company
+  was started)
+  - Not all passwords have been migrated, so this needs to stay around.
+- macOS/iOS Passwords (all passwords have been deleted from this manager, except
+  Proton's password)
+  - All passwords deleted 03/2025, except proton (kept proton password, encase
+    it's needed when setting up a new machine).