Saturday, January 16, 2010

Thoughts about Laptop Insecurity

The tin foil in this hat may be affecting my brain, but lately I've been thinking over various disaster scenarios in which my laptop(s!) get stolen and all of my data is suddenly compromised. There was also this article: http://lifehacker.com/5445101/your-passwords-arent-as-secure-as-you-think-heres-how-to-fix-that

The fact that much of my research does and will take place in Zone 1 of Guatemala City makes me even more paranoid. Theft of the lappie is a super scary idea, so I've been considering various ways to mitigate this sort of potential risk. I am absolutely no expert on data security, so I'm just plugging the holes that I can find. Here's what I've been doing:

1. Using Keepass: (http://keepass.info/)
I've been using the same five passwords for about ten years now and it's high time that I changed all of them to better ones. Of course, there's no way to remember long, randomly generated passwords, so Keepass is my new best friend. I've mentioned it before, but it really is amazing. I'm still in the process of changing all of my passwords to better ones and it's turning out to be a massive project. I just realized not long ago that it can even store files, so I'm using it to store things like a PDF copy of my passport and other sensitive things that I may need access to while traveling. I'm keeping the databases in my Dropbox so that I may access them wherever.

One thing I noticed on my recent trip to Guatemala was that many computers in internet cafes didn't necessarily have the .NET thing installed for Keepass to run. (I don't pretend to know what the .NET thingy is, but it is apparently not installed automatically everywhere around the world.) This left me without access to my Keepass database, so I solved this by using Portable Firefox and installing Xmarks (whose password I could actually remember. Note to self: change this one!). I like that Xmarks syncs my passwords around, but it's really pretty insecure, considering that anyone who got ahold of my laptop or my flash drive (which I am prone to losing) could just open up my Firefox installation and have access to all of my stored passwords. Boo. On to the next step.

2. Using a Firefox Master Password

Double boo. This is a massive pain in the neck, as I have to enter the password every time I open Firefox, but it protects all of the other passwords. Firefox's password manager saves passwords in a way that's super easy to find. (Tools>Options>Security>Saved Passwords) I'm not using a master password for my desktop at home, as my apartment is fairly secure, but if the lappie disappears on the street, I don't want anyone to be able to easily get my passwords. This password is also stored in Keepass.

3. Lastpass (https://lastpass.com/)
I've disabled the password sync for Xmarks, as I'm also using Lastpass, which is a Firefox extension. It manages passwords as well, but does so through a webpage, although all of the data is encrypted locally before it leaves the computer. I'm still leery about storing things on it, so the important stuff still goes to Keepass and the things that I don't really care so much about, like my frequent flyer account, get stored in Lastpass. If it really works the way the developers claim, it's a pretty good thing. Lastpass does autologin for sites once you log into it, which makes it handy. It's in beta, I believe, and isn't open source, so I imagine that someday the development team is going to start charging for it.

4. Stop checking "Remember Me" for anything.
No-brainer. Just not a good idea, ever.

5. Experimenting with TrueCrypt (http://www.truecrypt.org/)
I don't store any super important documents on my computer, but there are some things that I'd like to keep encrypted, like the PDF copy of my passport, for example. TrueCrypt has a nice tutorial about how to make an encrypted file and I've made some test files for it. It seems to act just like a virtual disk when mounted and disappears when unmounted. It is going to take some more experimentation before I feel really comfortable with it. For example, what happens if you forget to unmount the virtual disk before shutting down the computer? I don't know, but I feel better knowing that important stuff on my computer is encrypted and the encrypted file is protected with another long, random password, also stored in Keepass.

Further things to consider:

I'm thinking about getting a laptop lock, one of those cable things. I do realize that this isn't going to stop determined people with bolt cutters, but it would be at least a small deterrent. At the archive in Guatemala City, I leave my lappie inside the reading room, as the risk of theft on the street is way greater than theft in the archive. The room is locked for lunch when we all leave, but it would probably be a good idea to anchor the lappie to the desk. (Plus, I've never seen people with bolt cutters in the archive...)

My Linux box: I've installed Jolicloud on my netbook and I like it enough to keep it. Lamentably, I can't figure out how to use Keepass with it (which is hugely inconvenient), so I'm using Lastpass. Jolicloud has lots of "apps" that use Mozilla Prism to remember passwords. Before I started thinking about password security, I innocently checked the "remember" option, so that Prism would remember the passwords. I don't actually know how to disable this feature in Prism, so I'm stuck with the insecurity of that. I'm considering a clean install of Jolicloud and starting over, with an eye to not allowing Prism to remember passwords.

Email: I like using a client for email (yes, it's weird, I know), but will probably have to go back to manually entering the password every time I need to read my mail in both Outlook and Thunderbird. Increased security apparently comes with increased inconvenience.

Anyways, I'm hoping for the best and praying that the lappie doesn't ever get stolen, but if it does, I hope at least some of this will help mitigate potential catastrophes.

Saludos!
