Advice re File Security

I would like some advice regarding file security on my MBP synced with iCloud.

In brief, I’m experimenting and learning how to use iCloud Keychain to replace 1Password. I have historically stored all of my logins, license keys, sensitive credentials and other need-to-secure documents in 1Password.

I like 1Password but I’m committed to minimizing subscriptions. God has blessed me such that I’m able to purchase as many subscriptions as I like but I don’t consider this good stewardship over time so I minimize recurring costs—there are better and higher uses of the money. That said, please don’t sidetrack this thread over a discussion of the pros and cons of subscriptions. :slight_smile: I only share the above as context.

I will import all 1Password logins and other passwords into iCloud Keychain once I upgrade to Monterey and iOS 15. But as a “backup” I want to export and secure all of my 1Password data elsewhere for future reference as needed. I’ll also keep 1P around for as long as it works for future reference if needed.

I’ve considered using an encrypted DEVONthink database but given my experience of data loss, and that of others, I’m uncomfortable committing this critical sensitive data to DT.

My question is: based on what I have below, would you consider this secure?

  • I have FileVault on
  • A password is required to log into my computer and all devices, including my Apple Watch
  • I am the only user of all of my devices.
  • I use 2FA anywhere it is offered.
  • I make constant backups of my MBP (and iCloud) on three external drives, each in a different location (Backblaze and two external hard drives)
  • I will secure all sensitive PDFs with a PW
  • I will store a spreadsheet of my 1P logins and PWs in an iCloud folder under an Obsidian vault for future reference if needed.
  • I will keep 1P around for access if needed for as long as it works
  • I will import all current 1P logins and PW to iCloud Keychain and use Keychain for all new PWs and secured notes.
  • I will secure a few notes in Apple Notes with a PW

Would you consider this “secure”?

1 Like

Personally, I would not feel secure with this setup as I understand it.

Right now, all your sensitive data is stored in 1Password. To access this data, one would need:
a) Access to your Mac or your Mac’s hard drive, your user account password (for FileVault) and then your 1Password password, since the local database is encrypted separately or
b) Your 1Password password plus your 1Password secret to login online (plus optionally and highly recommended, a 2FA code or Yubikey)

Of course, one could still actively spy on you with a keylogger, a camera in a hotel room or some sort of trojan to read your 1Password database while unlocked, but that’s a whole different topic and one where I lack any expertise. (I’m also not an expert on encryption, but at least I have an opinion on that topic. :wink: )

From your description, I understand you’re planning to store passwords and other sensitive data in either plain text or as encrypted PDFs, probably not with a password as long as your 1Password password.

That means as soon as someone gains read access to your encrypted file system, that person will own your full password list. Yes, that list is encrypted by FileVault, but is your user account password as strong as your 1Password password used to be? Is your iPad’s and iPhone’s passcode as strong?

You plan to store some of that data on iCloud drive. Do you trust that neither a misguided Apple employee, nor anyone else including the government or hackers will stumble upon your iCloud folder full of unencrypted passwords? Not today, not in future?

Your backup strategy sounds good, but how secure is that backup data? How strong is the key to your external hard drives, which may be easier to steal and more straightforward to brute force than your MacBook? (If you know what you’re doing, brute forcing the MB is probably also not as much of an issue anymore, but it’s not as straightforward for any unskilled script kiddie, at least.)
Do you use Backblaze’s end-to-end-encryption and did you apply a really strong key?

Even if you trust that your data is safe without end-to-end encryption on Apple’s server and that your local password is as super strong as your backups’ passwords, there’s still the risk that a weakness is discovered in e.g. FileVault or the iPhone’s encryption system. And honestly, I really wouldn’t trust any data that has been stored in the cloud without strong encryption.

For all your passwords and really sensitive other data (PDFs, notes), I’d go for a separate encrypted volume, preferably utilizing something other than FileVault. For example, you could create an encrypted disk image with VeraCrypt. Make sure to choose a high number for PIM just for some extra fun. :slight_smile:

Especially considering you’ll probably only need to access that data very occasionally, and thus won’t keep that volume mounted often and for long times, this will add another, independent layer of security to your storage. (And doesn’t cost much in terms of added friction, since your primary password source will be iCloud Keychain.) Someone spies on you entering your phone’s PIN and then steals your phone, gaining access to your Obsidian vault? That’s bad, but he or she won’t be able to access your passwords.
A horrific bug renders Backblaze’s end-to-end-encryption useless? Well, have fun cracking that VeraCrypt volume!

Call me paranoid, but storing clear-text passwords without a second layer of encryption and/or storing clear-text passwords online is an absolute no-go in my personal opinion.

Two separate points:

  • I would try and avoid storing all that sensitive data and password lists at several different, potentially redundant places. I’m not talking about backups, but about storing some passwords in Obsidian/iCloud, some in Apple Notes, some in separate PDF files etc. Maybe you’re better at housekeeping, but on my device, this would lead to outdated data being stored in some places, me not being sure what’s still current and what is not, and me eventually deleting the wrong files/notes.
    Might be that I simply misunderstood you, though, and you’re talking about e.g. storing your license keys in Apple Notes, your passwords in one backup list, and your medical records in encrypted PDF files.
  • I didn’t read a lot about iCloud Keychain yet, but if that’s encrypted and unlocked by just your iCloud password, don’t forget to increase your iCloud password’s strength. :slight_smile:
5 Likes
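
What the PIM setting recommended in the post above controls, as an added example that is not part of the thread: VeraCrypt's documentation gives the PBKDF2 iteration count for non-system volumes and file containers as 15000 + PIM × 1000, with a default PIM of 485. The passphrase, salt and output length below are constructed for illustration, and the function names are hypothetical.

```python
# Added example: how a higher VeraCrypt PIM raises the cost of every passphrase guess.
import hashlib
import os
import time

DEFAULT_PIM = 485  # VeraCrypt default for non-system volumes and file containers


def veracrypt_iterations(pim: int) -> int:
    """Iteration count for non-system volumes and file containers (per VeraCrypt docs)."""
    if pim < 1:
        raise ValueError("PIM must be a positive integer")
    return 15000 + pim * 1000


def derive_key(passphrase: str, salt: bytes, pim: int) -> bytes:
    """PBKDF2-HMAC-SHA512 with the PIM-derived iteration count.

    Illustrative only: the 64-byte output length is an assumption of this example,
    not a statement about VeraCrypt's internal header format.
    """
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode("utf-8"), salt,
                               veracrypt_iterations(pim), dklen=64)


def relative_cost(pim: int, baseline: int = DEFAULT_PIM) -> float:
    """Work per guess relative to the baseline PIM (applies to owner and attacker alike)."""
    return veracrypt_iterations(pim) / veracrypt_iterations(baseline)


def time_one_guess(pim: int) -> float:
    """Seconds this machine needs to test a single passphrase at the given PIM."""
    salt = os.urandom(64)  # constructed random salt
    start = time.perf_counter()
    derive_key("constructed example passphrase", salt, pim)
    return time.perf_counter() - start


if __name__ == "__main__":
    for pim in (DEFAULT_PIM, 1000, 2000):
        print(f"PIM {pim:>4}: {veracrypt_iterations(pim):>9,} iterations, "
              f"{relative_cost(pim):.2f}x default cost, "
              f"{time_one_guess(pim):.2f}s per guess on this machine")
```

The same delay is paid once each time the volume is mounted, which fits the rarely opened archive described in the post; a larger PIM multiplies the cost of each guess but does not make up for a short passphrase.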

Whether or not something is secure depends almost entirely on who you are (which determines who your adversaries are), how many resources you are willing to expend on security, how many resources your adversaries are willing to expend, and the value of your information (to yourself and to anyone else).

Most people think of security only as making sure that information remains confidential, but security also means making sure that it’s available when needed, and that its integrity is preserved.

Specific thoughts about your situation:

  1. I don’t trust per-file password protection. It’s frequently implemented very, very poorly and provides nothing more than a token password prompt. This is not always the case but it holds true far, far too often.

  2. Your backups, especially the local ones, should be encrypted.

  3. Like you, I’m also not wanting to get into a debate over subscriptions, but I will mention that creating software that implements cryptography correctly is unbelievably difficult and almost always something that has to be continually updated. If there is one place where you should strongly consider expending the resources you have toward keeping your data safe, it’s here. The caveat to this point of advice is that any system should default to your being able to access your data if the provider fails, or you terminate your engagement with them.

  4. In general, the more elements of a security program the average user implements on their own, the less secure that program will be.

Edit to add: Everything @cornchip said too!

5 Likes

I would not do this, personally. I’m doing roughly the same thing, but planning on keeping the spreadsheet locally, no cloud access at all.

1 Like

Security is about risk and control. How much risk are you willing to accept, and how much control do you need to maintain? In the end, if something is “secure” or not is largely dependent on the level of risk you are willing to accept. Go too far one way and you release everything you have to the world. Too far the other way and you might lock yourself out of your own data.

2 Likes

I’ve already offered my opinion on PDFs and I don’t want to pile on. With that said, here are my thoughts:

My question is: based on what I have below, would you consider this secure?

  1. I have FileVault on (Should be secure if you have a long password that cannot be guessed or Googled) (Good)

  2. A password is required to log into my computer and all devices, including my Apple Watch (Good, see above)

  3. I am the only user of all of my devices. (Good)

  4. I use 2FA anywhere it is offered. (Good)

  5. I make constant backups of my MBP (and iCloud) on three external drives, each in a different location (Backblaze and two external hard drives). (Are the external drives encrypted?) (Probably good, if you don’t have unencrypted sensitive data on your computer)

  6. I will secure all sensitive PDFs with a PW (And if you forget the password you can open them with programs like Pasper for PDF, PDF Doctor, PassFab for PDF, etc.). (IMO, Not Secure)

  7. I will store a spreadsheet of my 1P logins and PWs in an iCloud folder under an Obsidian vault for future reference if needed. (IMO, a very bad idea. I’d prefer a hard copy in a secure location.).

  8. I will keep 1P around for access if needed for as long as it works (Good)

  9. I will import all current 1P logins and PW to iCloud Keychain and use Keychain for all new PWs and secured notes. (Good)

  10. I will secure a few notes in Apple Notes with a PW (I don’t trust AN with important data. I’d use the secure note feature of Keychain instead)

Would you consider this “secure”? (Not entirely)

2 Likes

Whether or not something is secure depends almost entirely on who you are (which determines who your adversaries are), how many resources you are willing to expend on security, how many resources your adversaries are willing to expend, and the value of your information (to yourself and to anyone else).

100% agree. There is no one-size-fits-all or dogmatic rule of security. It’s relative, including in the ways you describe here.

I’m digesting all of this excellent information. Thanks for the outstanding advice!

Once I’ve had time to digest your advice, I’ll update the thread.

In the meantime, I have a follow-up question. It does not appear that one is able to create a secure note using iCloud Keychain in iOS or iPadOS 14.x. One can, of course, create secure notes with iCloud Keychain on the Mac. Is it possible to create a secure note using iCloud Keychain on a mobile device with iOS/iPadOS 15? I don’t run betas so perhaps someone running a beta knows the answer.

Also, assuming that one cannot create secure notes on iOS/iPadOS using iCloud Keychain and given that I have a complex, long password for locking my devices, files, etc., and given the information provided by Apple Support below, could I not securely use Apple Notes for securing notes that sync across devices assuming that iOS 15 will lack support for securing notes in keychain? I know I can lock an Apple Note–but would you consider it secure based on what I just described and what Apple support says about security?

Tap the three dot button in the upper right and choose Lock or long press the note in the list of notes and choose Lock Note from the context menu.

I’m not seeing that on my iPad. Am I in the wrong settings location?

This is in the Notes app, not settings.

Sorry, I was referring to creating a secure note in iCloud Keychain, not Apple Notes. Sorry I was not clearer. I edited my post to make it clearer. :slight_smile:

Or stored in your fire resistant safe (preferably stored inside your larger fire resistant safe). :slightly_smiling_face:

Instead of Backblaze, I rotate one of my external backup disk drives to my safe deposit box at the bank.

Funny thing about that: There’s a semi-famous case here in which a university had data stolen from a drive locked in a safe. The Provincial Privacy Commissioner cited them for not having encrypted the drive.

Okay … okay! :slightly_smiling_face:

P.S. Have you got any semi-famous cases of people paying big bucks trying to recover data off their encrypted drives?

Thanks for the great advice! I realize I have a major security hole–I have not encrypted the external drives. Can someone point me to a good online resource so I do this properly?

For a laugh (specifically at 1:06) though the clip is short and funny.

https://www.youtube.com/watch?v=SCB5YmpxBqo

1 Like

Nope, because people always make multiple backups and validate them regularly :stuck_out_tongue:

1 Like

Right-click the drive, select Encrypt.

2 Likes

If you have a vehicle, don’t underestimate the utility of having an ‘offsite’ backup in your glove compartment.
I had a customer that did this - I hadn’t even thought of it.
Me: Do you have an offsite backup?
Him: Yep. Dash o’ my truck.

(Not ideal if parked in your garage and your house burns down, heat from sun, etc. But an extra backup, just in case.)

1 Like

That’s it? Heck, even I can do that! :laughing:

2 Likes