by user3939382
1955 days ago
My threat model is focused on remote attacks; I consider physical access to my workstation game over. So one stays on my keys, one on my wife’s keys, and one stays plugged into my workstation. If I’m enrolling the keys with a given service I make sure to add or remove all three at the same time so I don’t have to track which is associated with different accounts.

In this case though, full-disk encryption and TPM usage is the mitigation - provided the disk goes dead when anyone short of a nation-state tries to manipulate it, you're good.