My approach to personal cyber security
KeePass is an open-source and free password manager that stores data in an encrypted database locally.
I use KeePassXC on computers and Keepass2Android on mobile devices.
Within the database, you can configure multiple security factors. In my case, I use a password, a key file, and physical keys.
Key File: A key file acts as a second authentication factor. It is stored securely and locally on trusted devices, never on the internet or in the cloud.
Physical Keys: For even stronger protection, I use two YubiKeys. These physical keys function as multi-factor authentication devices. In my setup, I use the challenge-response method, where the YubiKey generates a unique response to a challenge each time I try to access my passwords and requires a physical touch. This ensures that even if someone obtains my password and key file, they still cannot access the database without physically possessing the YubiKey.
This combination of password, key file, and physical keys protects my password manager against unauthorized access: the password and key file alone are not enough to open the database without one of the YubiKeys.
I use Yubico Authenticator, an application developed by the creators of the YubiKeys, which generates time-based one-time authentication codes using the TOTP (Time-Based One-Time Password) standard. This approach adds an extra layer of security to accounts that support two-factor authentication (2FA).
Unlike other apps such as Google Authenticator or Authy, Yubico Authenticator requires you to physically connect your YubiKey to generate authentication codes. This provides several advantages:
Stronger Physical Security: Without the YubiKey physically present, codes cannot be generated.
Multi-Platform Compatibility: Yubico Authenticator is available on Windows, macOS, Linux, Android, and iOS.
Protection Against Cloning: Since the secrets used to generate the codes are stored directly on the YubiKey and not on the device, there is no code database on the phone or computer for someone to clone.