
Ask HN: Where do you store your sensitive info? - jyu
I use multiple laptops for both personal and business use. How do you keep track of credit cards, passwords, and your online accounts in general?

Right now I store it on DropBox, or my inbox, but that doesn't seem very secure.
======
pasbesoin
KeePass gets good comments. (IIRC there's a Linux version, I don't know how
kludge-y.) Bruce Schneier (security guru / blogger) uses something similar
(though I don't know that he tosses the data files out onto shared storage).

In the past, some people have commented about placing a TrueCrypt
volume-as-file on DropBox. Apparently performance and storage consumption were, per
them, not as bad as one might think. (Think about the potential implications
of the version history that DropBox provides by default.)

There are some other programs, including some text editors, notepad type
editors, and "personal wiki" programs that offer to save to an AES or Blowfish
encrypted format. I imagine the correctness/robustness of their
implementations may vary.

Finally, if you just want to encrypt a file already on disk, the well regarded
archive program 7zip (and others) includes an AES encryption/decryption
implementation. I don't know how its implementation is regarded. Note that,
under DropBox, this won't eliminate prior, unencrypted versions that are saved
by its versioning system.

Also, GPG and PGP are always around.

If you encrypt a pre-existing file, outside of the DropBox context it's a good
idea to encrypt to a fresh copy, then securely wipe the original.

EDIT: Depending upon what is being used for encryption, the DropBox versioning
might itself represent a weakness. I'm not qualified to speak to such topics
-- just imagining.

~~~
metachris
I can highly recommend KeePassX for Linux. It's just to store logins - but for
that it's a great piece of software: Intuitive UI, fast and easy to use, and
it's easy to manage a large number of logins with multiple folders.

<http://www.keepassx.org>

------
AmberShah
We use Password Safe <http://passwordsafe.sourceforge.net/> in DropBox shared
between my husband and myself.

------
0x5a177
At work I use KeePassX across Mac, Windows, and Linux systems and it does the
job fine.

At home I really like 1Password for the Mac except that the version I have
doesn't work with Safari 5 or Chrome.

For secure files on my Mac, I keep a password-protected & encrypted
sparsebundle disk image in Dropbox. You can create one using Disk Utility.
It's really handy and always backed up.

I can't speak to proving the security of these solutions but they work for me
otherwise.

------
yapeo
KeePass is great but I really like my ironkey (<http://ironkey.com>). It is
encrypted at a hardware level and is very easy to use. TrueCrypt works but
requires some setup and "work". If I lose my ironkey it isn't a problem, I
just purchase another and do a restore. The data is secure and the drive will
self-destruct if tampered with or an invalid password is used.

------
whakojacko
Not passwords per se, but all my important personal information (bank account
#s, tax forms, copies of important documents) are stored in a truecrypt-ed
file in about 5 different places (Dropbox, laptop, server, usb key, cd). Yes,
updating it is a pain, but I do it so rarely it's not a huge deal.

------
adamfeldman
I'm a huge fan of 1Password. It's a Mac desktop app with iPhone and iPad
versions. Syncing is done via Dropbox.

A Windows version just entered beta.

<http://agilewebsolutions.com/products/1Password>

------
freejoe76
I store passwords in my head, or if need be, with the PassPack site
(<http://passpack.com/en/home/>).

------
Reedge
I use RoboForm (on iPhone and desktop).

