Securing your Top Secret Private Data
We live in a digital world of usernames, passwords, account numbers, pins and secret questions. Most people would have account numbers and passwords used for online banking, online credit card statements, superannuation account, PayPal, investment portfolios and other services linked directly to their money.
The problem with this is you either need to remember all of the account numbers and login details for each service, or store them somewhere in case your memory fails. Relying on memory is probably not a very good idea. The more services you have, the more chances you'll get something mixed up. And it's probably a good idea to change some passwords every now and then in case you get compromised (maybe someone looking over your shoulder when you logged in from a public place, maybe you used an untrusted computer which could've had a keylogger installed, etc).
So what do you do? Write them on a piece of paper and store them in a safe in your home? Possibly, although it needs to be a pretty serious safe (too heavy to steal, fire-proof, flood-proof). A piece of paper anywhere else would be a bad idea. Things can get lost or go missing and either end up in the wrong hands, or simply lock yourself out of all your services. Perhaps having a duplicate stored in a second place would help prevent the latter, but that just doubles the chance of loosing it.
How about storing this information digitally? Having all your private files in a text document on your laptop is asking for trouble (computers get hacked, laptops get stolen). But what about securing your file somehow? Perhaps with something like TrueCrypt that allows you to encrypt any file/folder using industry standard algorithms that have yet to be broken?
This could work, although there's a few things you need to be very careful about:
- Encrypted files are only as strong as the encryption key used to lock them. This means you need to use a very strong password (i.e. long and full of random letter and numbers).
- You need to make sure you never forget this long and complex password. If you do, you'll permanently lock yourself out of your own encrypted files. You either have to memorize this, or go back to step 1 - where do you store it?
- Files can get damaged, deleted, corrupted. You need to have reliable backups. Using something like Dropbox to store your encrypted file could work well here. Not only will your file be synchronized between your computer and the net, but Dropbox will also keep a revision history so in case TrueCrypt causes a corruption, you can easily rollback to an older version. But actively putting your top-secret file out there is like asking a bunch of bank thieves to have a go at your safe - winner takes all.
- All your data is now locked by a single password. If you access your encrypted file from a compromised computer with a keylogger installed, your password may fall in the wrong hands. Worse, if your computer is compromised, the temporary decrypted file may get transmitted to the other side of the world without your knowledge...
So what's the best solution to this problem? Well if you have a giant safe in your home/office, that's probably the easiest option. Otherwise you need to get a little creative. Maybe write things down on a piece of paper but use stenography to disguise the data (like take only every 3rd digit or 4th letter, the rest is just random filler, or have a paper template with holes in it that reveal the real characters and store this template in a different location).
Going down the digital path is dangerous. It's almost impossible to be sure that you're accessing your data from a secure machine... If you're really paranoid you may opt for something like TrueCrypt with a super complex password, and run it only from inside a Virtual Machine that you use for nothing else. To prevent keyloggers maybe you need to use a password and a secondary keyfile, or copy-paste a few parts of the password to confuse keyloggers...
Anyone else have any ideas that they're willing to share?