Security via separation?

[Kev]

There are a plethora of options with Mint and Linux through which normal desktop users can better protect important data and activities from more risky ones by introducing some form of additional separation or isolation. Flatpak, Firejail, VirtualBox, etc. Booting from volatile/live OSs or full external/USB installations for certain activities, or even dedicated separate laptops. Varying degrees of separation, but many of them would be quite easy for even me to implement...

... and yet I currently do almost none of these things. Sure Linux is decent by default and I'm just a personal/home/laptop user, with no special risks or threats - though like many, I conduct ever more of my life online or via the same laptops. And yes, I'm careful with backups, encryption, passwords, 2FA etc. But I'm lazy about distinguishing things such as banking or shopping from visiting untrusted websites, or installing software natively that I can't 'really' guarantee. Pretty much everything is just lumped together without too much thought.

I'm not going to get excessively paranoid (or vanish down the rabbit-hole of privacy), but there are just 'so' many easy ways to be better that I'm probably being lax not to use at least some of them routinely. Mileage and opinion will of course vary, but given the many options I'd be interested to hear what people think are potentially worthwhile approaches to consider using, for improving this kind of scenario.

Thanks,
Kev

[Boca]

I think your question may prompt a lot of responses.

Here's my 2p-worth ....
any sensitive data is stored in a VeraCrypt vault
extensive use of Bitwarden password manager. Just in case it is ever compromised, I don't store the full password for any sensitive sites... any financial passwords need an additional phrase adding.
Only access sensitive ( eg financial) sites via a separate user account called Financial.
Only access sensitive ( eg financial) sites via TOR
Laptop times out after 30min so its exposure to the WWW is time-limited.
2FA via Google authenticaaor or SMS

Tony

[Kev]

Thanks, that is useful to hear. Additional user accounts also aren't something I've bothered to employ, and yet easily could. TBH I think of Tor as being more suitable for privacy than security, but otherwise the principle would work for me.

Yeah, it is quite a wide question with many possible answers. Possibly for the sake of discussion, it might help to just consider what and how people choose to separate and isolate. Other aspects of security can be other topics.

Thanks again,
Kev

[mikeflan]

I mostly work to keep physical possession of my hard drives, though I'm not too serious about that either. And I run Noscript on my main browser. The only encryption I use now is on my off-site backups.

It's kinda funny how much effort people expend to protect their computer data, and then they pay somebody $70 per month to track their every move on a phone

[Kev]

Yeah, I too tend to focus on good backups - it is a bit tedious sometimes but has really been worthwhile on occasion. So I'm reasonably confident about that aspect of security - not losing any data. I'm also not doing anything that I need to hide, so no reason to risk security for the sake of privacy, which makes things much easier.

My focus is really on avoiding leaks/theft of things like logon credentials or financial details, that in some cases could completely mess up my fragile little world. I'm pretty much broke and deeply uninteresting, so unlikely to be targeted by high level hackers, plus Linux is pretty robust against general threats already. So the risks don't seem very great, but obviously they aren't non-existent - especially when an imperfect user is part of the system.

So it makes sense to me that I should take advantage of some of the options that Linux offers to increase the distance between important/sensitive stuff and casual, more risky activities. Especially when it comes to online activity and things like less trustworthy software or extensions. I'm slowly formulating a plan for parcelling up my laptops/accounts/activities/data etc, so was interested to hear if/what/how others choose to do.

Cheers,
Kev

[Kev]

Well, it seems not many people do this kind of thing. Probably then it isn't worth being very elaborate for normal use cases, and certainly I've had no problems so far. So I'll just re-arrange and tighten things up a little bit as makes sense to me, and leave it at that:

• The current 'work' and 'home' laptops will instead become 'important' and 'casual' ones, so that the former can be looked after more carefully (both physically and in usage), whilst the latter can be more fun.
• Work and non-work life can be separated by different Linux user accounts instead, and I'll also have a banking-only account - thanks to Tony's example!
• Additionally I'll set up some virtual machines for doing sensitive or risky stuff; probably keeping a clean original to go back to from time to time. Unless the laptops (which are both old and second-hand) are too slow for that, in which case perhaps Firejail or other sandboxes would suffice.
• I'll have some separate encrypted partitions, for any sensitive data, passwords etc. These can normally be 'at rest' and so locked, to be mounted only when actually required.

For especially dodgy things (e.g. malware testing) I'll also look at making the SSD more easily swappable. With the main one replaced, nothing could reach it's unencrypted boot partitions etc. Possibly OTT but I have some small old SSDs left over from upgrades, so it'd cost nothing for pretty robust segregation.

Time to leave the concrete bunker perhaps...

[AZgl1800]

I think your question may prompt a lot of responses.

Here's my 2p-worth ....
any sensitive data is stored in a VeraCrypt vault
extensive use of Bitwarden password manager. Just in case it is ever compromised, I don't store the full password for any sensitive sites... any financial passwords need an additional phrase adding.
Only access sensitive ( eg financial) sites via a separate user account called Financial.
Only access sensitive ( eg financial) sites via TOR
Laptop times out after 30min so its exposure to the WWW is time-limited.
2FA via Google authenticaaor or SMS

Tony

I prefer LastPass because I use multiple PCs in my home, LastPass is a high security Password Manager that is Cloud based. I have used it since it was invented, and never once had a security problem with it.

BitWarden is dedicated to one PC, I don't like that, period.

For casual websites like this forum, and other forums, I allow Firefox to store the password.

For anything that effects my life financially, that is not allowed period, I always use LastPass to provide the passwords.

I have one bank that will not allow any password app to provide the username, a real PITA for me, as the name is convoluted.
it will accept the Password from LastPass though, so at least that part is taken care of for me.

LastPass will export all of your usernames/passwords to a file in various formats, if you wish to have a backup somewhere.

I make random backups of all of my data to external USB drives, and images once in a while also.

[cliffcoggin]

I try to separate functions for greater security and privacy by having a tightly controlled work computer running Linux Mint and an entertainment computer running Chrome OS. They are completely independent of each other, having different email accounts and no synchronisation with each other. The only common factor linking them is the router, though even then the work computer is connected by an Ethernet wire, not wifi. I daresay it is not a perfect arrangement but I doubt such a thing exists.

[JoeFootball]

BitWarden is dedicated to one PC ...

Not so. I use it on all my PCs and my phone, where they all use the same vault.

Edit: More info ...
https://bitwarden.com

[Kev]

I try to separate functions for greater security and privacy by having a tightly controlled work computer running Linux Mint and an entertainment computer running Chrome OS. They are completely independent of each other, having different email accounts and no synchronisation with each other. The only common factor linking them is the router, though even then the work computer is connected by an Ethernet wire, not wifi. I daresay it is not a perfect arrangement but I doubt such a thing exists.

That is a good point, thanks! I do also have some entertainment devices (raspberry pi and an ancient laptop) that I'd not yet included in the plan. They aren't necessarily the most secure systems generally, run certain services such as uPnP and need to be online for things like streaming radio and media. So I have them on a 'guest' wifi network that can't see my main one.

But they are 'sometimes' part of the system, because occasionally media files get moved to/from them, and they're managed remotely from a laptop. So probably I should have another account on the laptop, for those occasions when I need to connect to them via the guest network. It would help prevent accidentally connecting my work setup to the guest network.

Thanks again!

[Kev]

As for password managers, I happen to use Bitwarden at the moment but it is largely comparable to Lastpass which I used previously. It is a bit tedious sometimes because I use 2FA with Bitwarden and then once I have access to the password typically use 2FA again with the site being logged onto, but it feels fairly secure.

That said, I'm thinking of moving the more sensitive passwords to local storage only, so then there'd be three levels - unimportant passwords saved in the synced browser account for convenience, things I care a bit more about in bitwarden, and a few quite sensitive credentials only saved locally in encrypted partitions.

That said, I really like the earlier suggestion of using partial passwords or prompts, rather than saving the whole thing in there. Manually entering parts of the password would probably mean using something suitable for human regurgitation, rather than the random strings that I currently use. But there are many local slang terms and made-up words that could create human-readable phrases which no dictionary would likely hold.

Useful stuff, thanks!

[rene]

That said, I'm thinking of moving the more sensitive passwords to local storage only, so then there'd be three levels - unimportant passwords saved in the synced browser account for convenience, things I care a bit more about in bitwarden, and a few quite sensitive credentials only saved locally in encrypted partitions.

Note that if "the synced browser account" is Firefox with Firefox Sync then this no less secure than Bitwarden (unless you'd use a locally installed Bitwarden-server rather than its cloud) and quite possibly more so. Have never dug too deep into Bitwarden due to not wanting to use it anyway but with Firefox Sync it's the case that all that's ever sent to Mozilla is sent and stored encrypted, with them not having the encryption key. There's a nice description of things here: https://hacks.mozilla.org/2018/11/firefox-sync-privacy/

Although you'll with Google Chrome have to specifically elect to encrypt things, it also can and would then be supposedly not significantly different; have again not ever dug deep. If you'd use a Microsoft or Apple product All Your Base Are Belong To Them in any case, so likely your encryption key also.

Anyways. Having at one point dug a bit deeper into the mechanics of Firefox Sync I always feel it tempting to remark on: it's majorly convenient and really not in a practical sense any less secure than any of its functional alternatives.

[Kev]

Note that if "the synced browser account" is Firefox with Firefox Sync then this no less secure than Bitwarden (unless you'd use a locally installed Bitwarden-server rather than its cloud) and quite possibly more so. Have never dug too deep into Bitwarden due to not wanting to use it anyway but with Firefox Sync it's the case that all that's ever sent to Mozilla is sent and stored encrypted, with them not having the encryption key. There's a nice description of things here: https://hacks.mozilla.org/2018/11/firefox-sync-privacy/

Although you'll with Google Chrome have to specifically elect to encrypt things, it also can and would then be supposedly not significantly different; have again not ever dug deep. If you'd use a Microsoft or Apple product All Your Base Are Belong To Them in any case, so likely your encryption key also.

Anyways. Having at one point dug a bit deeper into the mechanics of Firefox Sync I always feel it tempting to remark on: it's majorly convenient and really not in a practical sense any less secure than any of its functional alternatives.

Thats very useful to hear, thank you for the info! It is indeed firefox that I favour, partly because I have a reasonable degree of trust in it.

I suppose then the differences might be just about how I would use Firefox's saved passwords compared to a dedicated manager - e.g. to what devices and/or (linux) accounts it is synchronised, and what risk-level of browsing it is used for. Though Bitwarden is only unlocked when I specifically need a password, employing 2FA to do so, whereas Firefox has the passwords simply available all the time I'm browsing; that's considerably more convenient but I don't know if it is a significant weakness or not.

I suppose one could take that idea and extend it by using different browsers for less important or more risky purposes (e.g. chrome/chromium; useful to hear there is the possibility of encryption there too). That'd offer another separated channel for syncing passwords, so that those in firefox or Bitwarden need not be put at risk. I'm fairly methodical, so could probably keep track of it all. I know there are several specifically privacy-focussed browsers too, but in most cases I trust them less in terms of security, so would probably stay with Firefox for the important stuff.

Thanks again, a lot to consider!
Kev

[t42]

Passwords' encrypted storage at rest is a trivial task, even gpg -c all.mypasswords.txt will do. In real life some obscure script hidden form using something like signon.autofillForms can happily patch one's sense of security.

[JoeFootball]

Have never dug too deep into Bitwarden due to not wanting to use it anyway but with Firefox Sync it's the case that all that's ever sent to Mozilla is sent and stored encrypted, with them not having the encryption key.

Yep, Bitwarden works similarly.

https://bitwarden.com/blog/post/vault-s ... d-manager/

[rene]

I suppose then the differences might be just about how I would use Firefox's saved passwords compared to a dedicated manager - e.g. to what devices and/or (linux) accounts it is synchronised, and what risk-level of browsing it is used for. Though Bitwarden is only unlocked when I specifically need a password, employing 2FA to do so, whereas Firefox has the passwords simply available all the time I'm browsing; that's considerably more convenient but I don't know if it is a significant weakness or not.

What 2FA protects against is your account password being compromised and is something that also can be enabled for Firefox accounts: https://support.mozilla.org/en-US/kb/se ... entication

In an essential sense the account password is certainly significant: with it, someone can log in to your account and sync all your other passwords. For Firefox it's already by default the case that email-based 2FA is setup when any given browser tries to login to some given Firefox account for the first time (which is already a big deal) and more encompassing 2FA can at the cost of convenience be set up as per the above link. I again don't know the specifics of Bitwarden but I'd assume that it's again not a difference then.

Less essentially.... if you chose a strong account password then it amounts to your confidence being able to keep that password secret and that mostly depends on human factors rather than technology as such. I.e., is your system private or is it used by multiple people? Are some of those people potentially untrustworthy, even if not due to maliciousness then due to inexperience (kids)? Do you ever or even routinely need to log in to your Firefox account on foreign and potentially untrustworthy systems? Are you likely to be a specific target of specific hacking? So on, so on...

I personally tend to find myself on the more relaxed part of the spectrum those questions imply. And, yes, I for example used to keep Opera around for a few uses but wouldn't dream of logging in, well, anywhere really but certainly nowhere sensitive. By and large all my eggs are in the Firefox basket; it's really a sturdy enough basket for my personal use-cases, me being able to answer many of the above questions with "no".

[EDIT] Edited out some particularly poor grammar only.

[rene]

Have never dug too deep into Bitwarden due to not wanting to use it anyway but with Firefox Sync it's the case that all that's ever sent to Mozilla is sent and stored encrypted, with them not having the encryption key.

Yep, Bitwarden works similarly.

https://bitwarden.com/blog/post/vault-s ... d-manager/

Thanks for the link, and yes, that looks to be conceptually the same. I once looked into Bitwarden a few years ago and found it to look good then as well; in the end shied away from it really only due to its web-technology centric infrastructure. I.e., gobs of Javascript which for me raises an immediate if probably unwarranted red flag as to trustworthiness of the local applications.

Back then settled on local storage via KeePassXC and at the moment see no reason to use Bitwarden over Firefox Sync. But yes, anyone who does currently use Bitwarden should supposedly feel free to continue doing so. It looks fine.

[fstjohn]

I've used Lastpass for years. Originally I used Roboform for years before that, until they changed their pricing scheme. I've never doubted the security on either service. I use Private Internet Access VPN always on and Firefox with Privacy Badger and DuckDuckGo Privacy Essentials. DuckDuckGo search engine exclusively. Email is Posteo.net with Thunderbird IMAP.
I'm a fanatic about backups. My main desktop system and home directories are backed up on a daily schedule to an external HD using Backintime and Timeshift. I scan everything... bills, receipts, Tax, bank statements, mail orders, vital documents etc. to my documents directory which is included in the daily Backintime backup. The documents directory is encrypted locally and copied to the Mega cloud in real time. I have an external 3TB disk strictly for backups. On a manual, mostly weekly basis I use Aptik (paid version) to back up my system, plus Foxclone, Backintime and Timeshift. I use FreeFileSync to mirror my two internal 1TB and 1 external 1TB data drives, after which I disconnect the 3TB until next time.

I spend a lot of time (I'm retired) "Fiddling" with Mint, always trying to find something that works better and learning the ins and out of Linux. Quite often that fiddling results in unintended consequences, even a bricked system. Among all my backups I'm about 99.5% certain to find at least one that saves my bacon. Has happened on many occasions.

[Kev]

What 2FA protects against is your account password being compromised and is something that also can be enabled for Firefox accounts: https://support.mozilla.org/en-US/kb/se ... entication

In an essential sense the account password is certainly significant: with it, someone can log in to your account and sync all your other passwords. For Firefox it's already by default the case that email-based 2FA is setup when any given browser tries to login to some given Firefox account for the first time (which is already a big deal) and more encompassing 2FA can at the cost of convenience be set up as per the above link. I again don't know the specifics of Bitwarden but I'd assume that it's again not a difference then.

Less essentially.... if you chose a strong account password then it amounts to your confidence being able to keep that password secret and that mostly depends on human factors rather than technology as such. I.e., is your system private or is it used by multiple people? Are some of those people potentially untrustworthy, even if not due to maliciousness then due to inexperience (kids)? Do you ever or even routinely need to log in to your Firefox account on foreign and potentially untrustworthy systems? Are you likely to be a specific target of specific hacking? So on, so on...

I personally tend to find myself on the more relaxed part of the spectrum those questions imply. And, yes, I for example used to keep Opera around for a few uses but wouldn't dream of logging in, well, anywhere really but certainly nowhere sensitive. By and large all my eggs are in the Firefox basket; it's really a sturdy enough basket for my personal use-cases, me being able to answer many of the above questions with "no".

Yes it is certainly possible to get carried away with these things (I have that tendency!). But it should be easy enough to lower the bar later, if things prove to be too tedious in practice. At the moment I'm finding it useful to consider how things could be structured if wished.

I think the thing that concerns me about Firefox accounts is less the mechanism of logging in and more the fact that (typically) I would be very routinely logged in during browsing sessions, due to syncing all the other stuff using the same account (like bookmarks and tabs etc). Whereas a password-only manager could be left mostly locked except specifically when a password is needed. I'm not sure how close to impossible it might be for malicious sites or extensions etc to gain access to an open firefox stash though; I've heard that autofill can be fooled into supplying details for instance, so I'd probably not allow that, but there may be other risks and I don't know enough to quantify them.

Thanks again, Kev.

[Kev]

I've used Lastpass for years. Originally I used Roboform for years before that, until they changed their pricing scheme. I've never doubted the security on either service. I use Private Internet Access VPN always on and Firefox with Privacy Badger and DuckDuckGo Privacy Essentials. DuckDuckGo search engine exclusively. Email is Posteo.net with Thunderbird IMAP.
I'm a fanatic about backups. My main desktop system and home directories are backed up on a daily schedule to an external HD using Backintime and Timeshift. I scan everything... bills, receipts, Tax, bank statements, mail orders, vital documents etc. to my documents directory which is included in the daily Backintime backup. The documents directory is encrypted locally and copied to the Mega cloud in real time. I have an external 3TB disk strictly for backups. On a manual, mostly weekly basis I use Aptik (paid version) to back up my system, plus Foxclone, Backintime and Timeshift. I use FreeFileSync to mirror my two internal 1TB and 1 external 1TB data drives, after which I disconnect the 3TB until next time.

I spend a lot of time (I'm retired) "Fiddling" with Mint, always trying to find something that works better and learning the ins and out of Linux. Quite often that fiddling results in unintended consequences, even a bricked system. Among all my backups I'm about 99.5% certain to find at least one that saves my bacon. Has happened on many occasions.

Ah that sounds very much like my work life; until recently I was the dogs-body tasked with making and testing all the backups. One small silver lining of recent upheavals is that I now only have my own data to look after, and I don't do enough really important stuff to make that difficult. But yes I too have plentiful and regular backups in different locations, and also use timeshift for the OS and also CloneZilla for the whole system.

So I'm not too worried about that aspect of security. I could benefit from some more media though, as it isn't perfect -currently I need to occasionally over-write older backups which means un-noticed problems could eventually propagate through all the backups.