I was recently thinking about security as a result of finding the hard copy of a PGP revocation certificate I had printed, when I realized: I had no clue what I should do in case the physical security of my computer was compromised (i.e., if it was stolen or went missing for an extended period of time). So I decided to take stock of how many secrets I have on it and work out the best way to render them useless or remote-erase them if I lost the laptop, as well as how to make it hard for anybody who steals it to get any use out of the secrets before I can make them useless.
I store my passwords in a KeePass password database, encrypted with AES under a reasonably long passphrase; I have it set to require the passphrase if the window loses focus for more than 30 seconds. I then synchronize it between various computers using Dropbox, which also lets me download it if I’m on a new computer that I trust enough to log into stuff on. I also have my PGP private key on my laptop. Notably, there are several passwords I have that are not written down anywhere: my MIT Kerberos password, my Gmail password (most of my password reset e-mails would be sent there, so if it was compromised everything else would be too), the KeePass database password, and my Dropbox password. And of course there’s a password on my laptop, but I wouldn’t rely on that for anything beyond keeping someone from looking at my stuff while I’m temporarily out.
So what does that mean in case the laptop’s stolen? Step one is to go everywhere I know of that I can sign into using public key cryptography from this machine and delete the keys; fortunately, the only such machines at the moment are the GitHub remotes and my VM. I’d also force-disconnect any ssh sessions that I left open by killing the processes.
After that’s done, I change my Gmail password in case I left myself logged in or cookied or something, and forcibly sign out all my other accounts using the link on the bottom. If the password’s been changed or it’s been more than a day or so since I last saw the laptop, I assume all my accounts are compromised.
The third step is to back up the password database and then delete it from Dropbox; if the person who stole the laptop isn’t smart, the next time it connects to the internet Dropbox will delete the local copy. Interestingly, even if I change the Dropbox password, the computer will still have access to my files; if I want to disable syncing, I have to unlink the computer on the website (which does tell me when the last sync occurred).
Then I change the passwords for my AOL and MSN accounts; MSN only lets you sign on from one place at a time, but AOL doesn’t, and I don’t know if it’s possible to force a logout. Finally, I’d probably revoke my public key; I know enough people in the strong set who can get a new one signed that it’s not terribly difficult to get back in there. I have a printout of my revocation certificate for just this occasion.
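
Step one on the VM, as an added example that is not part of the original post: a shell function that removes the laptop's public key from an `authorized_keys` file. It assumes an OpenSSH server and that a copy of the laptop's `.pub` file is available; the name `revoke_key` and the key blobs are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): remove one public key from an
# authorized_keys file, matching on the base64 key blob, not on the comment.

# revoke_key PUBKEY_FILE AUTHORIZED_KEYS   (hypothetical helper name)
# Returns 0 if at least one entry was removed, 1 if none matched, 2 on error.
revoke_key() {
    pub=$1 auth=$2
    # In a .pub file the blob is the field right after the key type.
    blob=$(awk '$1 ~ /^(ssh-|ecdsa-|sk-)/ { print $2; exit }' "$pub")
    [ -n "$blob" ] || { echo "no public key in $pub" >&2; return 2; }
    tmp=$(mktemp "$auth.XXXXXX") || return 2
    # An authorized_keys entry may start with options, so compare every
    # whitespace-separated field; comments and other keys pass through.
    if awk -v blob="$blob" '
        { for (i = 1; i <= NF; i++) if ($i == blob) { hit = 1; next }
          print }
        END { exit (hit ? 0 : 1) }' "$auth" > "$tmp"
    then
        # Keep a backup, then swap in the filtered file (mode 600 from mktemp).
        cp -p "$auth" "$auth.bak" && mv "$tmp" "$auth"
    else
        rm -f "$tmp"; return 1
    fi
}

# Demo on constructed data: these blobs are invented, not real key material.
demo() {
    d=$(mktemp -d) || return 2
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedLAPTOP me@laptop' > "$d/laptop.pub"
    cat > "$d/authorized_keys" <<'EOF'
# constructed sample file
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedDESKTOP me@desktop
no-pty,command="echo hi" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedLAPTOP old-name
EOF
    revoke_key "$d/laptop.pub" "$d/authorized_keys"; rc=$?
    cat "$d/authorized_keys"    # only the comment and the desktop key remain
    rm -rf "$d"
    return $rc
}
demo
```

Removing the entry only blocks new logins with that key; sessions that are already open stay up until their processes are killed, which is the separate action the post describes.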

Anon_The_Third / June 14, 2010
It’s easy to force a logout on AIM. The problem with that is, it sends it to *both* people logged in. If you’re the second to log in, there is a huge chance that by the time you get oriented enough to type the proper reply to the automated message, the other person has beaten you to it. The upside is that there’s no limit on how many times you can log in and try again.
If you were using Pidgin you could set a Pounce to automatically say the command to the automessage, so if you managed to get in you could trump anyone else trying to sign on while you reset your pass.
Anon_The_Third / June 14, 2010
I didn’t proofread the above and it’s pretty redundant. Whatever, I was supposed to be asleep ages ago D: