by sedatk 1318 days ago
This is one of the main problems with our approach to information security: we disproportionately prioritize protection of our data against theft/law enforcement/rogue bigtech employee over losing it in any other way. That's why many have lost their thousands of bitcoins, because they secured their keys so hard against theft that their data has eventually become unrecoverable despite that there'd be no thief, officer, rogue employee perhaps for a decade.

People who advise not using cloud for backups, suggesting cold wallets and whatnot as blanket advice have been harmful by giving way to the orders of magnitude more likely but the catastrophic scenario that is simple data loss.

Some people bash on Microsoft for backing up your drive encryption keys in the cloud for example, but it's the most common failure mode they're trying to address. No thief would access your cloud, no state-level actor would be deterred by lack of cloud (see: xkcd wrench), no rogue employee could make use of your hard drive encryption keys.

Get your priorities based on your threat model, and get your threat model right, people.

3 comments

Having encrypted data I wouldn't say is disproportionately prioritising protection over losing it in another way. The person simply forgot what was a long password, something that most security conscious people would have figured out by storing it in a password vault.

However I do agree that "going alone" with security can make us the victim of our own fragility. I can see this happening in the new blockchain world of decentralisation. If I lose my Bitcoin wallet or lose the password, who can I speak with to validate my identity? Nobody. Currently, I can go to the Bank and validate myself with other forms of ID to access my account, but with Bitcoin it's all on me. Imagine losing your entire life savings because you forgot your password or access to your email account.

This is where centralising certain things works for the overwhelming majority of the population. That's not to say that those systems work perfectly, but they are vetted and have laws and regulations to protect us.

> something that most security conscious people would have figured out by storing it in a password vault.

Whatever that is if not another system protected by long password you're likely to lose, or that might bitrot past the point of recovery.

Any security-conscious person backs up their password manager.

A lot of things get done asymptotically close to the True Scotsman singularity.

Stored encrypted of course with a long password...

My response was in regard to the bitrot argument.

Backing up software isn't going to help against it bitrotting away.

> "with our approach to information security"

Yeah, especially here on HN you hear about people not thinking about threat models. And yes, Denial-of-service by forgetting the password or having it inaccessible is a threat model.

That's why I just laugh at the people who think putting everything in a password manager is the best way. It is good, but you need to understand your cases/threats and risks

Sometimes writing it in a piece of paper is the best solution

Writing passwords on a sticky note on the bottom of your keyboard in an office is obviously a bad practice. A unique string password on a piece of paper in a drawer at home only you would normally have access to? Not clear. And obviously you can hide things in a house more thoroughly than that with the risk that you get too clever.

I skimmed back the article after reading this comment, and I'm still not really sure how this follows. Of course you should always make redundant backups with parameters suitable for however much assurances you want to have that you will not lose data. However, I dunno if there's any particular evidence to suggest that data loss is the main concern here. I mean, I have a backup strategy for most of my data, but I'd choose to spend at least some time trying to avoid the need to restore a backup first. Plus, I don't think there's good evidence to suggest that data theft is not a huge concern for people. Inside this article is a link back to a previous article about a NAS vulnerability that allows anyone to change the password of the NAS and enable SSH without authentication. I dunno if it's the same vulnerability I remember from some years ago, but there was a pretty real situation where many WD MyCloud users had their data stolen and NASes wiped. (I actually had a thankfully-mostly-decommissioned MyCloud at the time and it did in fact get pwned.)

Backup strategies and good security posture are a "why not both" type of situation. It's harder than it should be, but sometimes that's the cost of doing business.

Yeah, my comment's tangential to the article. The problem there is that there is an FDE password in the process of securing your data that you can't back up reliably (Filippo misspelled the password). This would have caused the loss of an entire RAID drive for anyone, not for Filippo in this case obviously. Such a basic UX problem causes catastrophes.

Microsoft avoids that by backing up your key (not password) to a USB drive or even cloud first. There's no typo issue. There's no forgotten password issue.

> Microsoft avoids that by backing up your key (not password) to a USB drive or even cloud first. There's no typo issue. There's no forgotten password issue.

The issue is that now the forgotten password moves to the cloud, especially since Bitlocker is activated automatically, without notifying the user, when an MS account is used. So regular Joe probably has no idea his drive is encrypted.

And since MS also push for authenticating to the account by using the TPM combined with a fingerprint / webcam / PIN, if you can't use your laptop (which is likely the case if you can't remember the unlock password – which you've probably never known was even a thing to begin with) you're pretty much SoL if you can't remember the cloud password – which you haven't used in months, possibly.

I think the old, manual way of activating BitLocker was best, where they tried to coax you into backing up that key someplace.

> manual way of activating BitLocker

That method led to tons of people not using it. It also led to tons of drive lockouts due to people not knowing the password and not backing up the key. Good security is transparent to the user, making the user do things makes them insecure.

There are a ton of authentication options for a Microsoft account that aren’t passwords (they are the “passwordless” people after all). You can set up as many as you want (and will be nagged about it until you do!). Install Authenticator, configure whatever your phone offers for biometrics to unlock it, and get on with your day.