Introduction
Password manager databases, asymmetric keys, digital signatures, and MFA recovery passcodes are designed to identify you, decrypt files, or help you recover from a failed 2FA login. Care must be taken to protect these digital items so they do not fall into unwanted hands.
The techniques below are not a cure-all, and other options should be considered. However, they are basic first steps that can be taken to help keep your data private.
Whichever options you choose, always make sure to back up your data on a flash drive and store it in a “real world” safe. If keys, digital signatures, or databases are lost or corrupted, there is no method to recover them.
Method 1 – Hide the Folder
Place your password database or asymmetric keys in a hidden folder. In Linux, to make a folder hidden, put a dot in front of the directory name, as in “.ssh”. To make a folder hidden in Windows, right-click the folder, select Properties, go to the General tab, and select “Hidden”. Although this method does not provide much protection by itself, it is a good starting point.
Method 2 – Set File Permissions
Change the permissions on the files or folder so that only your account can access them. Use an explicit deny for all other users, including the system and administrator accounts. In Linux, this means changing a file’s rwx permissions to something like 400. In Windows, a file’s permissions are inherited from the parent folder. Right-click the file, select Properties, and select the Security tab. Under the “Group or user names” section, select the Edit button. Highlight each account except your own and select “Remove”.
Method 3 – Print a Hard Copy
After initially setting up an account on an application or website, you may be given recovery or one-time authentication passcodes. These are a backup procedure to grant you access to the application in an emergency where your regular MFA fails to work. Rather than printing these codes to PDF and keeping them on your PC, print the passcodes on paper and store them off the network in a physical “real world” safe.
Method 4 – Add a Passphrase
In asymmetric cryptography, you have a public key and a private key. The private key must remain confidential. To help protect your private key, you can add a passphrase to it. A passphrase is a password for your private key. When used in conjunction with other security features, it may help slow down attackers: they will have to crack yet another password before they can access the key.
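The permission setting from Method 2 and the passphrase from Method 4 can both be checked on Linux with a short audit script. This is an added example, not part of the original article; the file name `id_demo` is hypothetical and the sample key blob is constructed for the demonstration and contains no key material.

```python
import base64, os, stat, struct, tempfile
OPENSSH_MAGIC = b"openssh-key-v1\0"  # magic at the start of an OpenSSH-format key blob

def mode_issues(path):
    """Method 2: report any group/other permission bits on a secret file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return ["%s is mode %03o; expected owner-only, e.g. 400" % (path, mode)]
    return []

def has_passphrase(key_text):
    """Method 4: True/False for a private key file, None if not recognised."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    header = lines[0] if lines else ""
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        off = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
            return None
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"  # cipher name field
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return True  # PKCS#8 encrypted container
    if header.startswith("-----BEGIN ") and header.endswith("PRIVATE KEY-----"):
        # Traditional PEM marks an encrypted key with a Proc-Type header line.
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:3])
    return None

def sample_key(cipher):
    """Constructed header-only blob (no key material), for demonstration."""
    body = base64.b64encode(OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher)
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n"
            "-----END OPENSSH PRIVATE KEY-----\n" % body.decode())

def audit(path):
    """Run both checks on one file and return a list of findings."""
    findings = mode_issues(path)
    with open(path) as fh:
        if has_passphrase(fh.read()) is False:
            findings.append("%s has no passphrase" % path)
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "id_demo")  # hypothetical file name
        with open(p, "w") as fh:
            fh.write(sample_key(b"none"))
        os.chmod(p, 0o644)
        print(audit(p))
```

A result of `None` from `has_passphrase` means the file was not recognised as a private key, so it is not reported as a finding.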
Method 5 – Encrypt Files
Store important files in an encrypted folder. In Windows, any file dropped into an encrypted folder will automatically be encrypted too. Simply right-click a folder, select Properties, go to the General tab, select Advanced attributes, and select “Encrypt contents to secure data”. The Microsoft OS will automatically take care of encrypting and decrypting the folder and its contents when they are accessed locally.
Ensure that your password manager database is encrypted. If you are using KeePass, it is automatically encrypted when the database is generated.
Method 6 – Flash Drive (preferred method)
Store the private key or database on a portable flash drive or YubiKey and only plug it into your computer when you need to access it. For added safety, encrypt the flash drive.