Setting Up Accounts
Recommended Account Setup
Get a Proton Mail account.
- The free tier is decent and suffices for our purpose: a privacy-oriented work email account.
- We will not use this account to communicate with peers. Team coordination happens over other IM apps such as Telegram.
- We will use this account mainly for signing up to coding-related websites and apps, and for account-related operations (such as password resets) on those accounts.
- At the very least, make sure to add your phone number for account recovery.[1]
Get a Bitwarden account using the Proton Mail account obtained in step 1.
- As a developer, you will have to manage a lot of keys. Bitwarden is indispensable for managing them securely.
- The crucial link in the chain is your Bitwarden master password. All your other credentials are protected only by it, so if there is one password you have to manage, and manage really well, it is this one.
- Bitwarden clients are available for a number of platforms. Be sure to download the desktop client, which we will use as an SSH agent for cloning git repos.
- Log in to your Bitwarden vault and securely store your Proton Mail account recovery codes. From this point on, Bitwarden is the single place for storing all passkeys, credentials, backup codes etc., so that the only thing left to manage is the Bitwarden account itself.[2]
- With the Bitwarden web vault (basically the Bitwarden browser extension) you can even manage passkeys[3] for websites that support passkey-based login.
Footnotes
[1] Be advised that since Proton Mail shares the burden of managing decryption keys with its users, it is our job to manage our account recovery info. At worst, we can use the registered phone number to regain access to the account, but without access to previous emails. To decrypt previous emails, we also need to keep some backup codes, for which we use Bitwarden.
[2] This is an all-eggs-in-one-basket approach, but managing multiple passwords, passkeys and recovery codes is fragile in itself. So in this case we opt to manage one thing, and manage it well: our Bitwarden vault.
[3] A passkey is just another login mechanism besides email+password. When logging in with email+password, we have to produce both; when logging in with a passkey, we only have to produce the passkey. The catch is that passkeys cannot be managed manually the way email+password can: we can keep the latter in our heads, but not the former. We need an app like Bitwarden to manage our passkeys for us. The passkeys are in turn protected by the one email+password used to log in to our Bitwarden vault.