Forem: 16bit Paladin

How do I keep my digital life safe? (And you should too)

16bit Paladin — Thu, 22 Aug 2024 13:24:09 +0000

In an increasingly digital world, securing your online presence is more important than ever. Our digital lives contain everything from personal memories to financial information, and a breach could have severe consequences. Over the years, I’ve developed a robust system to keep my digital life secure. In this post, I'll share the key strategies I use, and I'd love to hear your thoughts and suggestions on how I can further enhance my security.

1. Password and Key Management with KeePass

Managing numerous passwords and security keys can be overwhelming, but with the right tools, it becomes manageable. I rely on KeePass to securely store and manage my passwords across various devices. On my Mac, I use KeePassXC, a cross-platform community fork of KeePass that’s user-friendly and offers robust security features.

To ensure that my password database is always up-to-date across all devices, I use Syncthing, a continuous file synchronization program. Syncthing allows me to sync my KeePass database across all my devices securely and without relying on third-party cloud services. This means I have control over my data at all times, reducing the risk of exposure.

2. Enhancing Database Security with a YubiKey

A strong password is essential, but I take my security a step further by protecting my KeePass database with both a password and a YubiKey. The YubiKey adds an additional layer of security by requiring physical confirmation of the decryption process. Even if someone were to acquire my KeePass database file, they would still need my YubiKey to access it.

This combination of something I know (my password) and something I have (the YubiKey) ensures that my database is secured by two factors, making unauthorized access highly unlikely.

3. Two-Factor Authentication (2FA)

Wherever possible, I use Two-Factor Authentication (2FA) to secure my online accounts. 2FA adds a critical layer of security by requiring a second form of verification, typically something like a time-based one-time password (TOTP) or a hardware token, in addition to my password.

Crucially, I do not store my 2FA keys in the same database as my passwords. I prefer to use a separate service for this purpose. This separation ensures that even if one layer of security is compromised, the other remains intact, making it much harder for an attacker to gain full access to my accounts.

4. Using ED25519 Keys for SSH and Git

When it comes to connecting to servers or signing git commits, I use ED25519 keys. ED25519 is a public-key signature system that is faster and considered more secure compared to older algorithms like RSA. I store these keys securely in my KeePass database, and I utilize an SSH agent to manage them.

To streamline the process, I automatically push my ED25519 keys to the SSH agent through an SSH agent socket file. This setup allows me to maintain a high level of security while still having convenient access to my keys whenever I need them.

5. Maintaining Privacy with Disposable Emails

Privacy is another critical component of my digital security strategy. To protect my identity and reduce spam, I frequently use disposable email services. These services allow me to create temporary or one-time-use email addresses, which I can then use to sign up for websites or services without revealing my primary email address.

Some of the tools I use include Apple’s Hide My Email feature and the simple trick of adding a plus sign (+) to the end of my email identifier. For example, if my email is john.doe@example.com, I might use john.doe+service@example.com to sign up for a new service. This not only helps me manage and filter my emails but also allows me to identify which services might be sharing or leaking my information.

6. General Security Suggestions

A. Regular Software Updates

Always keep your software, operating systems, and apps up-to-date. Software updates often include security patches that address vulnerabilities discovered by developers or security researchers. By staying updated, you reduce the risk of exploitation by cybercriminals.

B. Use a Virtual Private Network (VPN)

A VPN encrypts your internet connection, making it more difficult for hackers or malicious actors to intercept your data. This is especially important when using public Wi-Fi networks, which are typically less secure.

C. Enable Full-Disk Encryption

If you’re not already using full-disk encryption on your devices, consider enabling it. This ensures that even if your device is lost or stolen, the data stored on it is encrypted and inaccessible without the correct decryption key.

D. Regular Backups

Regularly back up your important data to an external hard drive or a secure cloud storage service. This protects you against data loss due to hardware failures, accidental deletion, or ransomware attacks.

E. Secure Your Home Network

Ensure your home network is secure by changing the default router password, using WPA3 encryption, and regularly updating your router’s firmware. Additionally, consider setting up a guest network for visitors to limit access to your primary network.

F. Review App Permissions

Regularly review the permissions granted to apps on your devices. Revoke any permissions that seem unnecessary or overly intrusive. This reduces the risk of apps accessing your data or functions (like your microphone or camera) without your knowledge.

G. Use Anti-Malware Software

Install and regularly update anti-malware software to protect against viruses, spyware, and other malicious software. This adds an extra layer of defense against potential threats that may slip through other security measures.

H. Implement a Password Policy

Consider using a password policy that includes longer passphrases, regular password changes, and avoidance of password reuse across multiple sites. This policy reduces the likelihood of a successful brute force attack and limits the damage of a potential breach.

I. Monitor Your Accounts and Credit

Regularly monitor your financial accounts, email accounts, and credit reports for any unusual activity. Early detection of unauthorized activity can help you mitigate damage quickly.

Conclusion: Your Tips and Suggestions

These are some of the key strategies I use to keep my digital life secure. However, cybersecurity is an ever-evolving field, and there are always new threats and solutions on the horizon. I’m constantly looking to improve my setup and would love to hear your thoughts.

What practices do you follow to secure your digital life? Do you have any tips or tools that could further enhance the strategies I’m using? Feel free to share your ideas in the comments below—let's help each other stay safe in this digital age!

A Quick Guide to My .bashrc Setup

16bit Paladin — Wed, 14 Aug 2024 08:14:33 +0000

Hey there! If you're like me, spending a good chunk of time in the terminal, you know how important it is to have a smooth and personalised Bash environment. Your .bashrc file is the secret sauce that can make your command-line experience not just bearable, but enjoyable. In this guide, I’m going to walk you through my .bashrc setup, sharing some tips and tricks that help keep things tidy, efficient, and just plain fun to use.

1. Keeping Things Tidy with XDG Directories

Let’s start with a little housekeeping. By default, configuration files can clutter up your home directory. To avoid that, I use the XDG Base Directory Specification, which organizes everything neatly into specific folders.

# ================= XDG =================
export XDG_CONFIG_HOME="$HOME/.config"
export XDG_CACHE_HOME="$HOME/.cache"
export XDG_DATA_HOME="$HOME/.local/share"
export XDG_STATE_HOME="$HOME/.local/state"

XDG_CONFIG_HOME: This is where all my config files live.
XDG_CACHE_HOME: Perfect spot for temporary cached data.
XDG_DATA_HOME: Holds user-specific data, like application data.
XDG_STATE_HOME: Keeps state files, like session info or history.
By using these variables, I keep my home directory clean, and it makes things easier to back up or transfer when moving to a new machine.

2. Setting Up Environment Defaults

Next up, I set a few default environment variables to make sure everything runs smoothly across different setups.

# ================= DEFAULT =================
case $- in
  *i*) ;;
    *) return;;
esac

export LANG=en_US.UTF-8
export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
export HISTFILE="$XDG_STATE_HOME/bash/history"
export GIT_EDITOR=vim
export EDITOR=vim
alias wget=wget --hsts-file="$XDG_DATA_HOME/wget-hsts"

LANG=en_US.UTF-8: Ensures all my text handling is in UTF-8, which is a must for working with different languages.
SSH_AUTH_SOCK: This points to my custom SSH agent socket, keeping my SSH keys secure and easy to manage.
HISTFILE: I redirect my Bash history file to $XDG_STATE_HOME—it’s a small tweak, but it keeps my history file from cluttering up my home directory.
GIT_EDITOR and EDITOR: I’m a big fan of Vim, so it’s my go-to editor for Git and other text editing tasks.
wget alias: This ensures that wget uses a custom history file stored in the XDG data directory—another small way to keep things organised, because wget does not support XDG by default.

3. Supercharging Bash with Oh-My-Bash

If you haven't heard of Oh-My-Bash yet, you're in for a treat. It’s a framework that makes your Bash environment way more powerful (instead of doing everything manually). Here’s how I set it up:

# ================= OH-MY-BASH =================
export OSH="$XDG_DATA_HOME/oh-my-bash"
OSH_THEME="agnoster"
COMPLETION_WAITING_DOTS="true"
OMB_USE_SUDO=true
OMB_PROMPT_SHOW_PYTHON_VENV=true
completions=(git composer ssh)
aliases=(general ls)
plugins=(git bashmarks pyenv)
source "$OSH"/oh-my-bash.sh

OSH: Just like with other config files, I keep Oh-My-Bash in the XDG data directory.
Theme and Options:
OSH_THEME="agnoster": I use the agnoster theme, which is both visually appealing and informative. It shows your Git branch and Python virtual environment, among other things.
COMPLETION_WAITING_DOTS="true": This shows dots while Bash completes commands—giving you a little visual feedback.
OMB_USE_SUDO=true: Allows sudo commands to play nicely with Oh-My-Bash.
OMB_PROMPT_SHOW_PYTHON_VENV=true: If you work with Python, this will show your active virtual environment in the prompt, which is super handy.
Completions, Aliases, and Plugins:
completions: Enables autocompletion for Git, Composer, and SSH commands—this is a big time-saver.
aliases: Custom shortcuts for commands I use all the time.
plugins: Adds support for Git, Bashmarks (which is awesome for bookmarking directories), and Pyenv (for managing Python versions).

4. Making SSH Easy on WSL

I use Windows Subsystem for Linux (WSL) quite a bit, and managing SSH keys can be tricky. To make it seamless, I’ve added this little script:

# ================= WSL-SSH =================
ss -a | grep -q $SSH_AUTH_SOCK
if [ $? -ne 0 ]; then
  npiperelaypath=$XDG_DATA_HOME/npiperelay
  if [ -d $npiperelaypath ]; then
    rm -f $SSH_AUTH_SOCK
    (setsid socat UNIX-LISTEN:$SSH_AUTH_SOCK,fork EXEC:"$npiperelaypath/npiperelay.exe -ei -s //./pipe/openssh-ssh-agent",nofork &) >/dev/null 2>&1
  fi
fi

This checks if the SSH agent socket is active, and if it’s not, it sets one up using npiperelay and socat. The result? Smooth SSH authentication in WSL without having to re-enter passphrases constantly through your Windows machine.

5. Leveling Up with FZF

Finally, I’ve added FZF to my setup, which is a fuzzy finder that makes searching through files, directories, and command history a breeze.

# ================ FZF ===================
source $XDG_DATA_HOME/bash/completion.bash
source $XDG_DATA_HOME/bash/key-bindings.bash

These scripts enable FZF’s autocompletion and key bindings, letting me quickly find what I need without a lot of typing.

Wrapping Up

And that’s it! My .bashrc is all about keeping things neat, efficient, and fun to use. By organising my config files with XDG, using Oh-My-Bash, and FZF, I’ve created a command-line environment that feels just right.

I hope this guide gives you some ideas for your own setup. Remember, Bash is incredibly customisable, so don’t be afraid to tweak things and make your environment work best for you. If you know some more tips and tricks please let me know in the comments section.

P.S.: You can keep your .bashrc file in your git repository, to pull it quickly into any new machine that you want to start working.