Jacob Kaplan-Moss

My "personal security" plan

I wrote this post in 2007, more than 16 years ago. It may be very out of date, partially or totally incorrect. I may even no longer agree with this, or might approach things differently if I wrote this post today. I rarely edit posts after writing them, but if I have there'll be a note at the bottom about what I changed and why. If something in this post is actively harmful or dangerous please get in touch and I'll fix it.

My personal security plan

Prompted by recent reading on cryptography and computer security, I’ve been rethinking my pretty lax personal security plan. Right now I’m doing a number of pretty stupid things, including reusing just a couple passwords (“high” and “low” security), using browser/keychain password remembering too much, and storing important documents (tax returns, etc.) unencrypted.

A co-worker just had his laptop stolen, and I’ve realized just how screwed I could be if that happens to me.

So, I think it’s time to rethink how I’m doing personal security. Taking to heart the lesson that the best security is open, I figure I’ll post my plans publicly for comment.

Goals

In Applied Cryptography, Schneier repeatedly points out that the level of security you use out to be appropriate for the “value” of your secrets. I don’t have any really valuable secrets, and I’m not all that wealthy. There’s not any reason to suspect that I’d be personally targeted by any entity with appreciable resources. Keeping the NSA out of my password file just isn’t worth the trouble.

No, my goals are far more pragmatic. My personal data needs to be secure enough to keep “casual” attackers out. The most likely scenario is one involving large-scale attacks – a breached password file somewhere I’ve got an account; a botnet attack on my server, someone sniffing a password on an open Wifi network, etc. In these types of attacks, anyone with reasonably good security will be passed over in favor of those who’ve got none.

The main goal really boils down to convenience: the time I’d need to spend cleaning up from a server breach or identity theft would “cost” me far more than any stolen data or money. Identity theft in particular can take months or even years to recover from; I’m far more scared about the time then about losing my meager savings. Ditto a server breach; there’s nothing there worth stealing, but I’d have to spend at least a week cleaning up after a breach, and that would just suck.

Practical steps

Given these relatively modest goals, I plan to do a few things:

  • Stop reusing passwords.

    I’ll start using a secure password manager. I’ve looked at KeyPassX, which is fine except for the shitty UI. I’d love something that fits better with the Mac UI; Quicksilver integration would be fantastic.

    I’m a bit suspicious of OS X’s Keychain, so I don’t think I’ll use that.

    I’ll generate each password randomly, either with a generator or by hashing the site’s URL with some salt.

    I’ll use a strong (160-bit or greater) master password. Probably a passphrase since I should be able to memorize a short phrase easier than a random string. If I’m rembering correctly, English has about 1.5 bits of entropy per character, that means I’ll need something like a 100-character passphrase.

    I’ll need to go through web sites one by one and convert passwords; that’ll be a pain, but worth it.

    I’ll need to store backups of my passwords since a disk loss could mean I’m hosed. I’m going to keep the master copy on my laptop, but I’ll make automatic backups onto a USB stick, my iPhone, my personal server, and my backup server. That should ensure I never lose it. Of course, that means I need to be double-plus-ultra-sure that my keyphrase is good.

  • Stop “remembering” passwords anywhere except the password manager. This means turning off Keychain, Firefox’s password manager, etc.

  • I’m not sure what I’m going to do about shell account passwords (and especially the root password on my server). I don’t want to have to type random passwords each time, but using SSH keys makes the damage from a stolen laptop greater.

    So I either need to either start use different passphrases for my shell passwords while stopping my use of SSH keys, or else use random passwords with SSH keys, and figure out a good way to protect said keys. I’m leaning towards the latter: random shell passwords with SSH keys protected by a good passphrase.

  • Set up a VPN and use it any time I’m at a public access point.

    OpenVPN would be easiest here, but unfortunately iPhones don’t support TLS VPNs, so I’ll need to figure out something like PoPToP. Yuck.

  • Store important files encrypted. I’d like to use an encrypted disk image on my laptop, but I’m not sure if the security is all that great (I seem to recall from my iPhone hacking that cracking encrypted DMGs isn’t all that hard). Also, I’m not sure if said images can be mounted under other OSes; I might need to access ’em on my Linux boxen.

    There’s got to be a cross-platform disk image tool based on openssl; I need to look into that.

Meatspace

As I said above, perhaps my biggest concern should be identify theft. To that end, there are a couple of things I need to do in meatspace:

  • Place a fraud alert on my credit report. These unfortunatly only last for 90 days – thanks, Congress! – so I’ll either need to remember to renew every quarter or pay for a company like Debix to do it for me.
  • Start shredding my bills and such. It’s silly that I don’t do this already.

Whatdayathink?

I wanted to post this publicly so I can get some eyes on it. Am I missing anything here? Is there a big weakness I’m overlooking?

It would also be cool if this could start a discussion of personal security plans. Anyone out there want to post your own security plan?