Tags » infosec

Tidying up my 1Password

A robot leaked my SSH keys

A cautionary tale of a daft incident where I leaked a set of SSH keys to GitHub.

Beware of logged errors from subprocess

If you use Python’s subprocess module, be careful you don’t leak sensitive information in your error logs.

Beware of incomplete PDF redactions

If you’re not careful when redacting PDFs, it’s possible to share more information than you intended.

How I use the notes field in my password manager

I use notes as a mini-changelog to track the context and history of my online accounts. I write down why I created accounts, made changes, or chose particular settings.

Use keyring to store your credentials

If you need to store passwords in a Python application, use the keyring module to keep them safe.

The passwords I actually memorise

Password managers promise you only need to remember one password, but I keep eight of them in my head to avoid a single point of failure.

Where I store my multi-factor recovery codes

Most services give you MFA recovery codes but don’t tell you where to store them. I use an encrypted disk image and a simple HTML file.