Physical security has always been a vital part of computer security. If a bad guy has unmonitored physical access to your computer, a large number of bad things can be done to your detriment. This becomes even more critical as we start to store potentially large financial value on our devices.
Files containing cryptographic keys, Bitcoin wallets, and confidential data can easily be retrieved from hard drives with the proper knowledge, even when accounts and the BIOS are protected by a password. The only protection against this, specifically, is full disk or container encryption of those sensitive bits. But if you don’t maintain proper physical security, key loggers can be installed to record the passwords used to unlock those containers, tiny video cameras can be placed above keyboards to record key strokes, and bootloaders can be “enhanced” with malware to compromise your operating system before the disk is ever decrypted.
The first piece of keeping your computer secure is making sure it has the latest versions of your operating system, patches, and software applications. Letting these fall behind opens the door to malware through known, already-patched vulnerabilities.
Don’t just take for granted that your operating system is automatically applying system updates. Verify it for yourself, and run the update process manually from time to time.
If your operating system does not update individual applications, make it a point to manually check the vendor’s website for available updates, especially security-related updates, which are typically free of charge.
Honestly, AV software is of little use against new or unknown types of attacks, especially targeted attacks, because it mostly recognizes what it has already seen. It is, however, very useful against well known malware. Even on traditionally virus-free operating systems, you should consider getting some type of antivirus protection for the computers that play a role in helping you manage your finances.
Your computers should have a dedicated, password-protected account for each user. Setting this up allows for a higher level of non-repudiation: it is much easier to identify who is doing what from your computer. It can protect you (and other users) from false accusations and protect confidential information stored in the account profiles.
It is important to maintain strong passwords for your computers. They should be as random and as long as possible. This comic does a great job of explaining what a strong password might look like:
Comic by XKCD: Randall Munroe
One method that can ease the pain is a Yubikey. The Yubikey is a small, thumb-drive-looking device that is really just a USB keyboard. When you press the button, it types characters into your computer as if you were typing them yourself.
The simplest way to use this product is to program it with a static, long, random string of characters and then add or remove simple, easy-to-remember characters yourself as a second component. This is often referred to as 2-factor authentication or “have something, know something”. For instance, if “ePhae9yi7uov” is stored on the Yubikey and your additional component is your dog’s name “spookey”, your effective password would be “ePhae9yi7uovspookey”: very hard to guess, yet very simple to remember. Keep in mind that the service only ever sees one long password, so this is not true two-factor authentication in the strict sense: a key logger records both parts, and anyone who picks up the key and presses the button only has to guess the short, memorable part. As long as you maintain smart security* over your Yubikey, though, you’ve just given yourself super easy, strong account protection. There are much stronger ways to use a Yubikey, but the method described here is a way for the average user to easily gain a whole lot of password security.
* “Smart security” being: maintain physical possession of your Yubikey at all times and don’t use it unwisely (such as at untrusted computers or over unsecured protocols such as plain HTTP).
Additionally, the same Yubikey could be used for other passwords by simply using a different easy-to-remember additive. For instance, your TrueCrypt/encryption password might be “backspace, backspace” and your cat’s name “bubbles”, which would make your encryption password “ePhae9yi7ububbles”. Be aware that every password derived this way shares the same static prefix, so if one of them is captured (by a key logger, say) the others are left with only the strength of their short additive part.
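To make the trade-off concrete, here is an added example (not from the original page or from Yubico) that replays the keystrokes a login form would receive from the static-string-plus-additive scheme above and estimates how much guessing work an attacker faces in three situations: no knowledge, the Yubikey stolen, and one derived password captured. The strings are the page’s own illustrative values; the 62-character alphabet for the static part and the 100,000-entry pet-name wordlist are assumptions made for the estimate.

```python
import math

# Sample values taken from the page's own example (the static string is illustrative, not a real secret).
STATIC = "ePhae9yi7uov"
LOGIN_ADDITIVE = "spookey"             # the dog's name, typed after the Yubikey output
CONTAINER_ADDITIVE = "\b\bbubbles"     # two backspaces, then the cat's name
BACKSPACE = "\b"

# Assumptions for the estimates (not from the page):
STATIC_ALPHABET = 62        # a-z, A-Z, 0-9 per static character
PET_NAME_DICTIONARY = 100_000   # size of an attacker's wordlist of pet names / common words


def effective_password(static: str, additive: str) -> str:
    """Replay what the password field sees: the Yubikey types `static` as a
    keyboard would, then the user types `additive`, where each "\\b" is a
    backspace that deletes the previously entered character."""
    buf = list(static)
    for ch in additive:
        if ch == BACKSPACE:
            if buf:
                buf.pop()
        else:
            buf.append(ch)
    return "".join(buf)


def static_chars_used(static: str, additive: str) -> int:
    """Number of static characters that survive the additive's leading backspaces."""
    leading_backspaces = len(additive) - len(additive.lstrip(BACKSPACE))
    return max(0, len(static) - leading_backspaces)


def guess_bits(unknown_static_chars: int, additive_known: bool) -> float:
    """Guessing work in bits: each unknown static character is uniform over the
    alphabet; the additive word, if unknown, is drawn from the wordlist."""
    bits = unknown_static_chars * math.log2(STATIC_ALPHABET)
    if not additive_known:
        bits += math.log2(PET_NAME_DICTIONARY)
    return bits


def scenario_no_knowledge(additive: str) -> float:
    """Attacker knows only the scheme: must guess the whole static part and the word."""
    return guess_bits(static_chars_used(STATIC, additive), additive_known=False)


def scenario_key_stolen(additive: str) -> float:
    """Attacker picked up the Yubikey and pressed the button: only the word is left."""
    return guess_bits(0, additive_known=False)


def scenario_sibling_leaked(target_additive: str, leaked_additive: str) -> float:
    """Attacker captured one derived password (e.g. a key logger while the container
    was unlocked) and knows the scheme. Worst case for the defender: the attacker can
    tell where the static prefix ends, so only the static characters that the leaked
    password did not expose, plus the target's own word, remain unknown."""
    exposed = static_chars_used(STATIC, leaked_additive)
    needed = static_chars_used(STATIC, target_additive)
    return guess_bits(max(0, needed - exposed), additive_known=False)


if __name__ == "__main__":
    login = effective_password(STATIC, LOGIN_ADDITIVE)
    container = effective_password(STATIC, CONTAINER_ADDITIVE)
    print(f"login password:      {login}")
    print(f"container password:  {container}")
    print(f"no knowledge:        {scenario_no_knowledge(LOGIN_ADDITIVE):5.1f} bits")
    print(f"Yubikey stolen:      {scenario_key_stolen(LOGIN_ADDITIVE):5.1f} bits")
    print(f"container pw leaked: {scenario_sibling_leaked(LOGIN_ADDITIVE, CONTAINER_ADDITIVE):5.1f} bits")
```

The numbers make the page’s two caveats visible: with the key in hand, or with one sibling password captured, the attacker is down to a dictionary-sized search, which is why physical possession of the Yubikey and not reusing the same static prefix for high-value secrets matter more than the length of the combined string.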
Several password storage systems exist that can help you manage a large number of unique passwords and their usage history. One of our favorites is from Keepass.info, because it is cross-platform (MacOS, Windows, Linux) and you alone are responsible for the database’s security and privacy. We also recommend LastPass if you would prefer a reputable 3rd party to manage the database’s security and privacy. LastPass offers a solid solution that can be accessed from your desktop or mobile device, and it is another well known application that can be tied to your Yubikey for unlocking the database. However, by using Yubikey/LastPass in this fashion, you are extending your privacy to a 3rd party: the encrypted database lives on their servers, and their software and processes become part of what you trust.