Slide 1

Security for Everyone
Storm Joubert
twitter.com/storm_undone

Slide 2

Threat Modeling
A way of narrowly thinking about the sorts of protection you want for your data. It's impossible to protect against every kind of trick or attacker, so you should concentrate on which people might want your data, what they might want from it, and how they might get it.
- https://ssd.eff.org/en/glossary/threat-model

Slide 3

Threat Model
● What am I trying to keep safe?
● Who am I trying to defend against?
● How likely is it that an adversary will succeed?
● How bad is it if they do?
● How much effort am I willing to put into protecting this?

Slide 4

Threat Model Example
● What am I trying to keep safe?
  ○ Emails
● Who am I trying to defend against?
  ○ Bots, skiddies
● How likely is it that an adversary will succeed?
  ○ That depends on precautions
● How bad is it if they do?
  ○ Catastrophic
● How much effort am I willing to put into protecting this?
  ○ Significant

Slide 5

No content

Slide 6

Password Managers
● LastPass
● Dashlane
● KeePass, KeePassX, KeePassXC

Slide 7

When Password Managers Can’t
● Still need a good one to protect your password manager
● Passphrases are better than passwords
● Diceware
● https://xkcd.com/936/ (CORRECT HORSE BATTERY STAPLE)
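Diceware, named on the slide, picks each word of a passphrase by rolling dice and looking the roll up in a numbered word list, so the strength depends only on the list size and the word count, not on the user's imagination. The following is an added worked example, not code from the talk or from the Diceware project: it rolls the dice with the OS random source, maps a roll to a list index the way Diceware lists are keyed (the first die is the most significant base-6 digit), and computes the entropy of the result. The 36-word list is constructed here for illustration; a real Diceware list has 7776 words (five dice). The example goes a little beyond the slide by comparing the passphrase entropy with that of a random 8-character password, which is the arithmetic behind "passphrases are better than passwords".

```python
import math
import secrets

# Constructed 36-word list (two dice, 6**2 entries) used only for this example.
# A real Diceware list has 7776 entries keyed 11111..66666; the maths is identical.
SAMPLE_WORDLIST = [
    "apple", "banana", "cactus", "dragon", "eagle", "falcon",
    "garden", "harbor", "island", "jungle", "kettle", "lemon",
    "marble", "nickel", "orange", "pepper", "quartz", "rabbit",
    "saddle", "tiger", "umbrella", "violin", "walnut", "yellow",
    "zebra", "anchor", "bridge", "candle", "desert", "engine",
    "forest", "guitar", "helmet", "ivory", "jacket", "kitten",
]


def roll_dice(count: int) -> tuple:
    """Roll `count` fair dice using the OS CSPRNG (the `random` module is not suitable)."""
    return tuple(secrets.randbelow(6) + 1 for _ in range(count))


def dice_to_index(rolls) -> int:
    """Map a roll such as (1, 1) .. (6, 6) to a list index 0 .. 6**n - 1.

    The first die is the most significant base-6 digit, so "11" is word 0 and
    "66" is the last word, matching how printed Diceware lists are numbered.
    """
    index = 0
    for die in rolls:
        if not 1 <= die <= 6:
            raise ValueError("each die must show a value from 1 to 6")
        index = index * 6 + (die - 1)
    return index


def generate_passphrase(wordlist, num_words: int = 6) -> str:
    """Pick `num_words` words independently by dice roll and join them with spaces."""
    dice_per_word = round(math.log(len(wordlist), 6))
    if 6 ** dice_per_word != len(wordlist):
        raise ValueError("wordlist size must be a power of 6 so every roll maps to a word")
    words = [wordlist[dice_to_index(roll_dice(dice_per_word))] for _ in range(num_words)]
    return " ".join(words)


def entropy_bits(list_size: int, num_words: int) -> float:
    """Entropy of num_words words drawn uniformly (with replacement) from list_size."""
    return num_words * math.log2(list_size)


def password_entropy_bits(length: int, alphabet_size: int = 95) -> float:
    """Entropy of a uniformly random password over printable ASCII (95 symbols)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDLIST))
    print(f"6 words from the sample list: {entropy_bits(len(SAMPLE_WORDLIST), 6):.1f} bits")
    print(f"6 words from a 7776-word list: {entropy_bits(7776, 6):.1f} bits")
    print(f"random 8-char password:         {password_entropy_bits(8):.1f} bits")
```

Six words from a full Diceware list give about 77.5 bits, against roughly 52.6 bits for a fully random 8-character password, and the words are far easier to remember; the passphrase protecting the password manager itself is exactly where that matters.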

Slide 8

2 Factor Authentication
1. FIDO U2F device (http://www.dongleauth.info/)
2. Authenticator app (Google, Authy)
3. Backup codes on paper
4. SMS or email

Slide 9

Environment Variables
● envchain https://github.com/sorah/envchain

Slide 10

No content

Slide 11

Full Disk Encryption

Slide 12

Backups

Slide 13

Questions?
Storm Joubert
twitter.com/storm_undone