Physical security for home PC

Messages
24,880
Location
Upstate NY
How much do you worry about physical security for your PC that never leaves home? My kids are grown and living on their own. Just my wife and dogs. Dogs have shown little interest in my PC. Wife has her own. No secrets from wife on my PC. So I have a screen saver lock. I use LastPass with a password and Yubico YubiKey. But the YubiKey is next to my PC. No one is breaking into my house to steal my PC or my passwords. I have a house full of general house stuff like most people. When my memory goes I will probably write my password on a sticky and paste it on side of computer. Something I would never do at work, but do not see an issue at home with no kids. How do others feel?
 
Messages
4,889
Location
NJ
I should get my passwords more secure from thieves and easier to access for my wife should I meet an untimely demise. Thanks for reminding me.
 
Messages
16,717
Location
NH
That's a good question. I'd have to say, not very worried. We do keep a printed list of passwords, but haven't gotten around to finding a good place to keep it under lock and key.
 
Messages
2,504
Location
IL
Originally Posted by atikovi
I don't think anyone breaking into your house will be playing around with your computer trying to transfer money into their bank account if that's what your mean.
Yeah they will just TAKE IT, and MAYBE play around with it later. It's easier for the thieves to sit in a van near your home and steal from a unsecured WiFi..... So I would setup a secure wifi just for you PC, and make sure you got your lockscreen active. Some people have no lock screen and you can just go right on in.
 
Messages
4,117
Location
SW Ohio
Put it on a post-it note and stick it on your monitor. <span style="font-style: italic">If someone is in your house</span> to find that, you've got bigger things to be concerned about.
 

Donald

Thread starter
Messages
24,880
Location
Upstate NY
Originally Posted by Vern_in_IL
Originally Posted by atikovi
I don't think anyone breaking into your house will be playing around with your computer trying to transfer money into their bank account if that's what your mean.
Yeah they will just TAKE IT, and MAYBE play around with it later. It's easier for the thieves to sit in a van near your home and steal from a unsecured WiFi..... So I would setup a secure wifi just for you PC, and make sure you got your lockscreen active. Some people have no lock screen and you can just go right on in.
My WIFI is secure and my house is several hundred feet down my drive in the woods. Dogs would bark at a van in driveway. I suppose the thief could climb up a tree and try to hack my WIFI. Again dogs would notice.
 
Messages
4,117
Location
SW Ohio
Originally Posted by xxch4osxx
I thought AES-256 was for encrypting radio traffic?:
It's just a measure of the "strength" of encryption. It can be used for almost anything.
 
Messages
234
Location
USA
I use full disk encryption with a fairly long, complex pass phrase. Computers are left turned off when no one is home, so unless it's the NSA pulling a black-bag job (we're not interesting enough for that) it is very unlikely anyone will be able to retrieve any information. Backup drives are likewise encrypted.
 
Messages
1,462
Location
Gulf Coast, MS
Respectfully putting a password on a PC is 100% pointless in this case it's security through absurdity in this type of situation. The best security is a clean system once compromised reset the PC fully (format the hard drives) and start from scratch hoping there are no BIOS infections. To skip all the reset damage is done at the instance of infection removing a virus/malware will not often revert the damage it causes, they typically try to comprise the system for easier infection down the road and most software will not fix this once the infection has occurred. Two factor keys are handy, and they do work, but they are not perfect I believe folks have been able to clone them before. They are mostly intended for "absolute security" and if they can be cloned there is nothing absolute about them beyond pointless as they have failed to do the job they were intended for. Not wanting to start a long debate or argument about it really not but at the end of the day if the device can be compromised its functional goal has been defeated. As for password managers they have had a lot of exploits in the past and will continue to do so in the future, their biggest design flaw is letting you open them. The moment they are loaded into memory (once the master password has been entered) anything can read them in ram as plain text. Any malware can do this and it has been a common problem but sadly there really isn't a good workaround for this as it needs to be in memory to send the password/information to a form/log in. With a 2FA key this is helped a lot and can prevent most compromises but really that is only a solution on your end you still have to rely heavily on the websites and programs not to be stupid and reset the password over phone (once again has happened) generally security is only as strong as the weakest link. As for sign in to Windows a password there is completely pointless, you can clone the account and once you have the password to the clone can be removed through software (available by Microsoft) so anyone with knowledge of software and security will already know this (typically the ones to target users). If you want to put a password on a system the best would be to encrypt the boot drive they really can't get around that unless the encryption algorithm ends up compromised (kinda like SHA1 has recently). Many folks like to password protect the bios but this can be easily removed in many cases by jumping pins to clear the CMOS or removing the battery from the motherboard and waiting 10 or so mins. Security is really a myth, no system is perfect, every program has some flaw if it's not one thing it's something else never ends really. The best advice would be to make your information time-consuming to access as no security is perfect but generally folks go after weak targets so if you can annoy them enough you really don't have to worry all that much. Regardless of what ever system you put in place there is always a work around to bypass this, you could have a password on your BIOS, hard drive, Windows, etc just excellent security and it can still be bypassed fairly easily via something like Intel's Management Engine. If this is compromised nothing you do can prevent it or mitigate it, no way to detect it, can be used to access information on your PC while off, etc I'm sure you get the point. Nothing is perfect, nothing will ever be perfect, and trying to achieve perfect will just ruin your day to day "quality of life" experience with the device.
 
Messages
2,900
Location
Chicagoland
3800Series is, albeit sadly, absolutely correct. Anyone who truly wants your data will get it. I've been on a DEFCON/Blackhat speech binge lately, it's kind of scary how insecure "secure" systems are! Watched one about TSA scanners... you could type in a user name and password, literally whatever you wanted, and it would throw an error message and then log you in anyway! In another, a guy figured out how to turn on tornado sirens whenever he wanted.
 

Donald

Thread starter
Messages
24,880
Location
Upstate NY
reading the various posts here I think I need to give some thought to security if they take the laptop to sell and then someone has time to fool with it.
 
Top