Account Security

Published: Sunday, Oct 4, 2020
Last modified: Monday, Nov 23, 2020

| Security feature | iOS | Arch Linux laptop | Web |
| --- | --- | --- | --- |
| Something you know | Apple password¹ | LUKS cryptsetup password⁴ | Use Firefox/Google accounts with 2FA |
| Something you have | Apple device² | Physical ThinkPad⁴ | 2FA by Authy⁵ |
| Something you are | Apple device's face recognition³ | Do not trust the fingerprint reader | Nothing biometric |

1 Apple can read your backups

2 You can just replace your device by restoring your backup, so moot

3 Bypassed trivially with the 6-digit PIN password

4 If lost (forgotten), I basically lose my private data. No chance of recovery. Private data includes my accounts file and various recovery codes.

5 Authy IIUC can be completely recovered by knowing my Authy password. I could enable Face ID protection, but again IIUC it could be trivially bypassed with PIN. I think the keys are stored in my Apple account, tbh I am not sure.

Things I’m struggling with

I’ve since delegated my vimcrypt accounts file mostly to Firefox accounts, and over time, my local passwords are becoming out of date, since they are being managed by Firefox.

I struggle to maintain which accounts I have 2FA with. I struggle to keep track of what app passwords are being used by my mobile, for example, and if they should be rotated. Re 2FA, I struggle to maintain the recovery codes.

I don’t think I use biometrics meaningfully anywhere. Face ID is just a convenience functionality on Apple iOS to save typing in a password?

I think my setup is too complex for any trusted member of my family (or friend) to recover my data with, in case of an accident.

As for my family’s security practices, I think they’re pretty bad, and tbh I’m struggling with my own issues, so I don’t want to get too involved.

Things I think I’m doing well with

I try not to use my Singapore number for anything, but some services, especially banks in Singapore, force me to use it.