Skip to content
- Use BitLocker Drive Encryption on all hard drives (including secondary), or LUKS for Linux.
- For very significant/sensitive data that cannot risk being stolen, use a VeraCrypt container on an encrypted hard drive.
- This ensures there’s a secondary layer of encryption with a different password to unlock it. This also makes it so that it can’t be leaked to CLOUD BACKUP SERVICES which have a tendency to be a dangerously unlooked vector.
- Ensure you use a backup service that supports native encryption using private keys you control (iDrive is the best).
- This is a secondary layer in case your username/password -> Authenticator is compromised. Additionally, ensure that the backup service does not save the private keys themselves.
- One negative of iDrive is the terrible Linux support. I recommend running a QEMU/KVM VM that runs the Windows version of the program, then sharing your desired locations to backup to the VM. I have a note on this here.
- If you aren’t using a backup service already, you’re NGMI…
- Use an encrypted notepad program, such as encNotepad -> never use plaintext notes for anything.
- (I’m not here to plug my basic software, but encNotepad is a basic notepad-like program to get you up and running, and with high-enough security methods)
