
Securing my shit


15 replies to this topic

#1 Warped655

    Scanner

  • Salty Members
  • 3516 posts
  • Location: Southern Indiana (unfortunately)

Posted 30 January 2013 - 01:09 AM

OK. I have a REALLY sensitive document on Google Docs. I realize this is fucking stupid security-wise, but it's also incredibly important that I not lose the data either.

So I looked up some options, I found TrueCrypt. Made a TrueCrypt drive and stored this singular file with a decently hefty password with all the bells and whistles.

Only thing I'm concerned about though is that on the cloud I could access this file from anywhere and I would also never have to worry about losing it to a failed hard drive. Now that is a concern. I suppose I could store the same data on my media drive, which I plan on doing, but is there not a possibility that both drives could fail me at the same time? Unlikely, but a possibility.

And I'm also considering storing a backup of it in a zip/rar file with a crazy long password on Google Docs, but I'm still fairly concerned that someone could retrieve it that way.

Anyway, any suggestions on this topic? I'd really appreciate it. Lots of things I'm probably fucking stupid about security-wise and I'm getting around to fixing those issues now.




#2 goldenratio

    lookin fresh to death

  • Salty Members
  • 7630 posts
  • Location: ༼ຈ ل͜ ຈ༽

Posted 31 January 2013 - 07:24 PM

If it's encrypted why do you care if someone can find it?


i'm a robot is what the deal is


#3 Warped655


Posted 31 January 2013 - 08:47 PM

My lack of knowledge on how secure I am. The only thing I've heard about security is that you are never completely secure, you are just at varying levels of risk.

I want to know how I can become more secure than I already am. If utilizing a zip file is an unsafe way to store sensitive data, etc.

For a long time I used really shit passwords. But I've noticed that the internet is becoming less and less secure as computers get more and more powerful and more hacking 'tricks' and methods are developed. So I got paranoid and I'm starting to lock shit down. But my lack of knowledge on the subject makes me completely unaware of exactly how secure I am and if I'm forgetting anything crucial/have cracks in my methods.

I've attempted to learn more about it and to come to a better understanding of it on my own but I feel it's a fairly complex topic and grasping it on my own will be difficult.

I want to find the best balance of security/ease of use/less risk of data loss.




#4 ATARI

    Lichens!

  • Salty Members
  • 21288 posts
  • Location: Lichens, lichens

Posted 31 January 2013 - 10:10 PM

Personally I recommend saving all your important documents as a hidden layer in .tiff pictures of your granny



#5 Warped655


Posted 31 January 2013 - 10:29 PM

Even as a joke that is a shockingly decent suggestion.

Except the .tiff part. I have not seen a .tiff in a long time.




#6 goldenratio


Posted 31 January 2013 - 10:51 PM

Is this "really sensitive" document something with a ton of personal info, credit card/bank info, stuff like that?

I use a program called KeePass, which is a program designed to store passwords, but it can actually store any arbitrary data. I have it set up with as secure a password as I can manage, and I have that stored in Dropbox. Then in Dropbox, I have two-factor authentication enabled (also have it enabled on my Gmail account which is attached to the Dropbox acct). Two-step authentication is your best, most secure option at this point in time that I am aware of. Basically you usually give it your phone number, and occasionally when you log in (and especially if you log in from a new IP (i.e. if some hacker is trying to hack your account)) you'll receive a text message with a code you enter before you can access the site. Here's some info about two-step auth for Dropbox and Gmail:

https://www.dropbox.com/help/363/en

http://googleblog.bl...y-for-your.html

http://en.wikipedia...._authentication


i'm a robot is what the deal is


#7 Warped655


Posted 01 February 2013 - 01:29 AM

Yeah I've heard of KeePass but I've heard even they were broken into once. Meaning that it's possible that if someone got into this database, they'd have access to every password you use.

But yeah, maybe I shouldn't dismiss it. I should probably at least look into it.




#8 Warped655


Posted 01 February 2013 - 01:31 AM

oh I must be thinking of a different program.




#9 goldenratio


Posted 01 February 2013 - 02:18 AM

There are different ways to secure the KeePass program. I use an external keyfile, and I don't remember the details because it was quite a while ago, but I think there are options for how "secure" that keyfile is. Of course the key here is to have a really good, long, complex master password. If you are looking for absolute security, you won't find it, because it doesn't exist. I'm not sure how the password itself is encrypted, but it is very secure and likely uses a method that makes rainbow tables or brute forces impractical (it would take supercomputers years to crack it, and nobody cares that much about your passwords).

I don't know if it's ever been broken or broken into, but that, combined with two-factor authentication means that it would be very very difficult to even get ACCESS to this keyfile, let alone the computation necessary to crack the keyfile itself. It is certainly more secure than Google Docs, although turning on two-factor auth for that would probably do the trick.

Definitely read through this feature list: http://keepass.info/features.html


i'm a robot is what the deal is


#10 goldenratio


Posted 01 February 2013 - 02:39 AM

Oh also, I was just reading those features and I remember how I set mine up: I have a keyfile, and a password, so you need both to open my program. If you want even more security, you can store the keyfile outside of Dropbox, that way even if Dropbox is compromised, they would need your keyfile to be able to open the program. You can keep the keyfile on a USB drive, CD, whatever (though I'd keep multiple copies of it in your house in case you lose one of the media), even on your normal hard drive if you want, but you can avoid ever putting that keyfile "on the internet" in which case someone would need physical access to your computer/keyfile (in addition to your password) to access the program. If you use two-factor auth on Dropbox, and don't use the program but instead only access it online (meaning if someone sits down at your physical computer they can't just take all your stuff out of Dropbox), I would say your info would be as secure as you probably can get it, at least for free.

You can probably buy hardware, like an external drive that's hardcore encrypted, but again if the drive fails, it's all gone. There may be online secure document storage as well, likely not free, but how trustworthy they are is hard to say.


i'm a robot is what the deal is
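
The password-plus-keyfile setup from the two posts above, as an added example that is not part of the thread and is not KeePass's own code: a simplified model in which the vault key depends on both factors and is stretched with a salted, slow KDF. The use of PBKDF2, the iteration count, the function names and the sample values are assumptions made for illustration; KeePass's real file format differs.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor; makes every password guess slow


def new_keyfile() -> bytes:
    """32 random bytes, meant to live on removable media, not in the cloud."""
    return secrets.token_bytes(32)


def derive_key(password: str, keyfile: bytes, salt: bytes) -> bytes:
    """Mix both factors, then stretch the result.

    The per-vault salt defeats precomputed (rainbow) tables; the
    iteration count makes brute-force guessing expensive.
    """
    pw_hash = hashlib.sha256(password.encode("utf-8")).digest()
    kf_hash = hashlib.sha256(keyfile).digest()
    composite = hashlib.sha256(pw_hash + kf_hash).digest()
    return hashlib.pbkdf2_hmac("sha256", composite, salt, ITERATIONS, dklen=32)


def seal(key: bytes, salt: bytes) -> bytes:
    """Check value stored beside the vault so a wrong key is detected."""
    return hmac.new(key, b"vault-check" + salt, hashlib.sha256).digest()


def can_open(password: str, keyfile: bytes, salt: bytes, stored: bytes) -> bool:
    key = derive_key(password, keyfile, salt)
    return hmac.compare_digest(seal(key, salt), stored)


# Constructed sample data: the salt and check value sit with the vault in
# cloud storage; the keyfile never leaves the USB stick.
salt = secrets.token_bytes(16)
keyfile = new_keyfile()
password = "constructed example passphrase"
stored = seal(derive_key(password, keyfile, salt), salt)

print(can_open(password, keyfile, salt, stored))        # both factors present
print(can_open(password, new_keyfile(), salt, stored))  # right password, no keyfile
print(can_open("wrong guess", keyfile, salt, stored))   # keyfile, wrong password
```

The second call models a compromised cloud account: the vault copy and even the correct password are not enough without the offline keyfile, which is also why losing every copy of the keyfile locks the owner out.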


#11 Warped655


Posted 01 February 2013 - 02:42 AM

It's the backup vs security issue there.

The harder you make it for people to hack your shit, the easier you make it for you to lose access to it yourself.




#12 Warped655


Posted 01 February 2013 - 02:44 AM

My brain isn't perfect. I can totally see myself forgetting the long password I used for my TrueCrypt thing. In which case I WOULD be screwed in a way. It's not entirely difficult for me to remember though, but there's always risk that my brain will fail in some way to remember it.




#13 goldenratio


Posted 01 February 2013 - 02:54 AM

If you are confident in trying the program, the best thing I can suggest is to use it to store all your site passwords, but also, CHANGE all your site passwords. The program has a password generator, that will generate 256-bit secure passwords of long, random strings of characters. They are very good passwords, but of course impossible to remember. This will basically require you to open KeePass daily, which should help you to remember your long-ass master password.

Personally I use the old "password format" sort of paradigm. So I have a "base" password, say something like 55butts55. Then, for each site I'm creating a password for, I use initials or the site name (so for google, say, you'd use "google") or something specific to the site itself, and then modify the base password with this info. So maybe I'd do something like "[email protected]@google". That's a crazy long password, but super easy to remember, but also, it allows you to use a totally different password for every site, but in a way that's really easy to remember or even guess. If you know your base (I change my base once a year, and it's not much of a problem), you can try a few possibilities (did I use "google", or "g"? Or "gmail"? Not a big deal to try em).

Anyway, my point is just that you can utilize one of the better features of KeePass, which is being able to generate really secure, random passwords but not have to worry about storing them or writing them down or forgetting them, while at the same time forcing yourself to really commit to memory a really super secure master password. It's a lot of work, at least it sounds like it, but if you are really serious, a month from now you'll be set.

Also, I'm not a security expert AT ALL. You might try to find some forums or communities specifically about this kind of thing and ask them for ideas. There might even be services for storing documents securely. I don't know how serious you are or whether it warrants something like that, but for real, enabling two-factor auth for your Google account(s) would likely be exceedingly sufficient.


i'm a robot is what the deal is
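
What a "256-bit" generated password means in practice, as an added example that is not part of the thread and is not KeePass's generator: the strength of a random password is its length times log2 of the alphabet size, so the length follows from the target. The alphabet choice and the function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Assumed alphabet: the 94 printable ASCII characters other than space.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def bits_per_symbol(alphabet: str = ALPHABET) -> float:
    """Entropy contributed by one uniformly chosen character."""
    return math.log2(len(set(alphabet)))


def entropy_bits(length: int, alphabet: str = ALPHABET) -> float:
    """Entropy of a password of `length` independent uniform characters."""
    return length * bits_per_symbol(alphabet)


def length_for_bits(target_bits: int, alphabet: str = ALPHABET) -> int:
    """Shortest length whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / bits_per_symbol(alphabet))


def generate(target_bits: int = 256, alphabet: str = ALPHABET) -> str:
    """Draw each character from the OS CSPRNG via `secrets`.

    `secrets.choice` is uniform over the symbols, so the entropy formula
    above holds; the `random` module is not suitable for this.
    """
    symbols = sorted(set(alphabet))  # duplicates would skew the distribution
    n = length_for_bits(target_bits, alphabet)
    return "".join(secrets.choice(symbols) for _ in range(n))


if __name__ == "__main__":
    for bits in (64, 128, 256):
        print(bits, "bits ->", length_for_bits(bits), "characters")
    print("hex only, 256 bits ->", length_for_bits(256, "0123456789abcdef"))
    print("sample:", generate(256))
```

The formula only applies to characters chosen at random; a password built from a memorable base plus a site name cannot be scored this way.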


#14 esiann

    destroyer of mayos

  • Salty Members
  • 1145 posts
  • Location: Pennsylvania

Posted 01 February 2013 - 05:22 AM

are you really so paranoid that you wouldn't write down a passphrase using UV ink or your own urine or something, or make it your name plus your zip code run through a rare antique decoder ring, or carve it into something you're likely to hold onto for a while, or convert it to Morse code and use dots to represent the Morse code and selectively remove nubs from the underside of your passenger-side car mat

I mean, any threat to your digital security won't have access to you, it'd be strangers if anyone



#15 goldenratio


Posted 01 February 2013 - 06:00 AM

I have a firebox with all my important shit (car title, birth cert, social security card, rare valuables) that has my ultra secret defcon 1 password on it. It's the one I use on KeePass. If someone finds that, I'll already be dead.


i'm a robot is what the deal is


#16 ATARI


Posted 01 February 2013 - 05:06 PM

maybe you already are........., friend





