
The problem this article touches on is huge, because everybody who has a computer is affected and almost nobody takes the necessary precautions. Especially non-technical computer users can easily lose years' worth of important data.

I've tried to set up contingency plans for the cases that I lose access to my:

- phone (which contains Google Authenticator with plenty of important logins; unfortunately some of my 2FA is still based on SMS)

- my laptop

- my Yubikey

- my wallet (with ids and a credit card)

due to theft, damage (house burns down) or simply loss.

Another under-appreciated risk: losing my memory (my master passwords are only in my mind - what happens if I suffer a head injury and forget?)

Redundancy is one countermeasure: Have more than one bank account + stock portfolio, more than one credit card (servers might go down if a credit card is blocked) and physical devices (phone, laptop) in store to stay operational in case of an emergency.

Full machine backups + regular uploads "to the cloud" for raw data; occasional transfers to (multiple) external hard drives.

I don't think there is a way around a safe physical space with printed backup codes on it. Ideally not in the same house - maybe with a bank?

A list of instructions for numbers to call for account recovery or blocking. Which information will I have to provide?

In a similar vein: what happens to my data after I die? How would my (non-technical) family be able to access my pictures and writings? A digital inheritance would be prevented in my security setup if I don't prepare.

This space is fascinating to explore, the zeros and ones people have stored on their devices are incredibly valuable to them and this treasure is poorly protected. Generally speaking: No backups, weak passwords, outdated software, old hard drives ... risks abound

Google surely has very capable security people, but right now my account there is the central vector of attack, most of my passwords can be reset through my email, a huge portion of my communication runs through Gmail, WhatsApp is backed up to my Drive, most of my pictures are on Google. It's probably a good idea to disentangle the situation a bit to be prepared for the case that Google's fortress gets breached one day.

Without compromising your security - I'd love to know how others approach their personal IT security challenges?



> Without compromising your security - I'd love to know how others approach their personal IT security challenges?

Most of my security is based on OpenPGP keys stored on a Yubikey. In case the first one is broken/lost I've got another one. If both are lost there is a master copy on an offline computer that can be used to provision more Yubikeys.

The key unlocks access to passwords stored in pass. Because pass is based on git and gpg can be used to access SSH then the same yubikey is used to pull/push changes to pass and read encrypted passwords. On both the laptop and the phone (Password Store).

Data on the computer is LUKS-encrypted, unlocked by the Yubikey. Full backup of my laptop's SSD is done via btrfs send/receive to a raid1 array of 3 disks (raid1c3) at regular intervals. A small subset of very important data (documents) is also backed up via restic to S3 and Backblaze.

I try to "backup" as much of my work as possible by releasing it as open-source (where it's preserved by GitHub etc.) or publishing it on a website (where it's preserved by archive.org).

> In a similar vein: what happens to my data after I die? How would my (non-technical) family be able to access my pictures and writings? A digital inheritance would be prevented in my security setup if I don't prepare.

I've been thinking about this lately and maybe it's not a popular opinion but... would people really need your data when you die? I get access to photos (my SO has the PIN code) but everything else? Maybe this is just digital junk? Who would enjoy browsing terabytes of my data looking for... what exactly?


This sounds like my dream setup. Have you written about it somewhere in more detail or could you recommend some resources that you've used for implementing the solution?


Err, nope, this is a work-in-progress.

What are you especially interested in? Then I can provide you with details.

Some random links I used:

- https://btrfs.wiki.kernel.org/index.php/Incremental_Backup

- https://blog.eleven-labs.com/en/openpgp-secret-keys-yubikey-...

- enable touch-to-use so even malicious software cannot access your passwords: https://developers.yubico.com/PGP/Card_edit.html#_yubikey_4_...

- https://www.passwordstore.org/

- https://play.google.com/store/apps/details?id=dev.msfjarvis....

- https://aur.archlinux.org/packages/mkinitcpio-gnupg/ (I'm thinking of replacing this with PKCS#11, more keys to manage but PKCS#11 is supported natively with systemd so one less dependency).

Hmm... maybe I should really document that...


> Most of my security is based on OpenPGP keys stored on a Yubikey. In case the first one is broken/lost I've got another one. If both are lost there is a master copy on an offline computer that can be used to provision more Yubikeys.

- https://blog.eleven-labs.com/en/openpgp-secret-keys-yubikey-...

Sounds like a good start, I'm going to have to do much more reading on this, I use my YubiKey just as a browser 2nd factor for a few 2FA apps.

In general I'm not sure how the YubiKey stores keys and till now I had no idea you can back up a YubiKey.

> The key unlocks access to passwords stored in pass. Because pass is based on git and gpg can be used to access SSH then the same yubikey is used to pull/push changes to pass and read encrypted passwords. On both the laptop and the phone (Password Store).

I'm not sure about storing the master keychain file in Git, but the workflow sounds interesting (I didn't fully understand the paragraph though).

> Data on the computer is LUKS-encrypted, unlocked by the Yubikey. Full backup of my laptop's SSD is done via btrfs send/receive to a raid1 array of 3 disks (raid1c3) at regular intervals. A small subset of very important data (documents) is also backed up via restic to S3 and Backblaze.

This is next level and not of immediate interest to me. I was looking at something simpler like: https://cryptomator.org/


> In general I'm not sure how the YubiKey stores keys and till now I had no idea you can back up a YubiKey.

Well, actually you can't. You can back up keys if you create them in software and then just copy them to YubiKeys instead of moving them there. If you do that on an offline computer there is no risk of any malware stealing your keys in mid-process: https://news.ycombinator.com/item?id=21701488

Setting up Yubikey and OpenPGP took me some time reading all resources on the net but once done this is just working without any hiccups.

> I'm not sure about storing the master keychain file in Git, but the workflow sounds interesting (I didn't fully understand the paragraph though).

If it's encrypted there is not much harm to be done here. The only leaking info is that by default pass uses filenames based on domain names so if you have credentials for news.ycombinator.com they'd be in "news.ycombinator.com.gpg" file. For me a private repo for this use case is OK.

Oh, there is a browser extension too: https://github.com/browserpass/browserpass-extension#browser...

> This is next level and not of immediate interest to me. I was looking at something simpler like: https://cryptomator.org/

Yep, I do store external disk passwords in pass too. Udiskie can use a decryption command so when I put something like this in the config: `password_prompt: ["pass", "devices/{id_uuid}"]` it will grab the password from password store. This has an added benefit that I won't forget the password (it's stored alongside all others) and it's always valid (it's checked on each boot by udiskie).


People would leave with a low opinion of me if they could see everything I have stored and read.

:( I have set my gmail to be destroyed if not used for 3 months.


I wonder if you push your Password Store to GitHub? Its encryption is based on RSA with around 128 bits of security with current keys. It's unclear if it's going to stand beyond 2 decades.

I might be paranoid but with clouds I would be more comfortable with AES-256. If RSA is a must, maybe RSA 7680.


For the record there are quite a few new algos in GPG, most notably ed25519. While RSA 7680 offers 192 bits of security [0] ed25519 on the other hand is offering 128 bits of security. GnuPG 2.3 will have ed448/goldilocks available [2] and that should offer 224 bits of security [3] so in theory it should be better than RSA 7680.

I don't mind putting my encrypted passwords in a private GitHub repo but I understand the concern.

[0]: https://crypto.stackexchange.com/q/8687

[1]: https://en.wikipedia.org/wiki/Curve25519

[2]: https://lists.gnupg.org/pipermail/gnupg-users/2020-March/063...

[3]: https://en.wikipedia.org/wiki/Curve448


> losing my memory (my master passwords are only in my mind - what happens if I suffer a head injury and forget?)

Not just a head injury, this can easily happen if you find your keychain 10 or 20 years later. I don't think that there is a good solution to it. Maybe biometric data, but then again, I want to have control over when my data is accessed and in many countries it's legal for law enforcement to make you use your finger or face.


> I don't think that there is a good solution to it.

There is. Put it on a piece of paper in a safe place.


How do you remember where you put the paper?


and fingers can easily be lost as well...

Maybe write down my master password and put it in a safe?


> Maybe write down my master password and put it in a safe?

Isn't this just moving the goalposts, because what if you forget the safe combination?


Physical safes don't lock things the way cryptography does. You can always get in, especially if you're the legitimate owner because that way you don't need to worry about doing it in secret and not making a lot of noise.


> what if you forget the safe combination?

Safes with electronic locks typically have (backup) keys too, which you'd need to hide or put in another safe, in case the battery dies.


So, still moving goal posts?


Not sure how pointing out that a safe has multiple methods of entry is moving goalposts.

If you write down your master password and put it in a safe you own you can get in that safe whether by code, key, or destructive entry.


Yes, just like a master password.


For a bank safe, you might access the vault with your id and a key. But I see what you mean. It's not perfect.

If the YouTube videos I've seen are to be believed then many domestic safes can be broken rather quickly with the right tools.


Start by not using Google Authenticator. It's outdated and has security vulnerabilities allowing malicious apps to extract your code. And it's impossible to back up without a rooted device. Anything that supports "Google Authenticator" really means any TOTP app is supported, so for example andOTP on Android may be a good choice. Or you can use Authy or 1Password if you trust them.


I had Google authenticator as 2FA.

Phone broke and I must have made a typo while doing a regular password change - now I have no way to log into my account again as I can't provide the 2FA and none of the other options work (providing old contact emails, phone code, backup email, ... none of it matters just because I don't have the authenticator).


thank you for the pointer to andOTP

- I need to migrate away from SMS based 2FA

- then away from Google Authenticator

- and probably also from LastPass to Bitwarden


https://getaegis.app/ This is great too on Android.

https://twofactorauth.org/ Helps out finding how to set it up on certain sites.


Digital inheritance would make for a fascinating SaaS company if anyone could figure out the solutions to this.


and closely related: the "digital graveyard", there's this Wired article of a guy who recorded his father and trained a voice model on his written communication [0]. A place to go if we want to be reminded of the voice, handwriting, face or attitude of a loved one. Faraway stone plates on crowded graveyards don't seem appealing to me in a world where families are often dispersed over the globe.

[0] https://www.wired.com/story/a-sons-race-to-give-his-dying-fa...


Tangentially, this reminds me a lot of an episode in Black Mirror:

https://en.m.wikipedia.org/wiki/Be_Right_Back


Well. Maybe we should first handle data ownership


Something like Aegis is much better than Google's Authenticator. You can back up your keys and store them somewhere secure (VeraCrypt or whatever) and it also lets you choose custom icons, which makes it a bit easier to see what is what at a glance.


I would first write down the master passwords, and store them somewhere safe.

It does not have to be Fort Knox safe, enough if stored at a trusted place which has no direct relation with you (in my case it is my best friend I trust with my life).



