Tier 6 - Extreme Privacy

Implement the highest level of privacy and security measures for your most sensitive activities and data.

Hardware Security Keys for Two-Factor Authentication

Hardware security keys provide a more secure form of two-factor authentication than SMS or app-based methods because they are resistant to phishing and man-in-the-middle attacks.

  • YubiKey - A popular hardware security key that supports multiple authentication protocols, such as FIDO2, U2F, and smart card.
  • Thetis - A compact, durable, and water-resistant hardware security key that supports FIDO2 and U2F standards.

Use hardware security keys for your most critical accounts, such as email, banking, and encrypted storage, to ensure the highest level of authentication security.

Full Disk Encryption

Encrypting your entire hard drive or solid-state drive ensures that all data on your device remains secure, even if the device is lost, stolen, or confiscated.

  • VeraCrypt - Free, open-source disk encryption software that provides strong security for your data on Windows, macOS, and Linux.
  • FileVault - A built-in full disk encryption feature for macOS that secures all data on your startup disk.
  • BitLocker - A full disk encryption feature built into Windows 10 Pro, Enterprise, and Education editions.

Enable full disk encryption on all your devices, particularly those containing sensitive data, to protect your information from unauthorized access.

Physically Isolated Computer for Sensitive Activities

Using a dedicated, physically isolated computer for your most sensitive activities helps minimize the risk of data leaks and malware infections from your everyday computing devices.

When setting up a physically isolated computer:

  • Use a separate, dedicated machine that is not connected to the internet or any networks.
  • Ensure the computer has no wireless connectivity capabilities, such as Wi-Fi or Bluetooth.
  • Use a fresh, clean installation of a secure operating system, such as Tails or Qubes OS.
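
The first two items above can be checked from the installed system. The following is an added example, not part of the original guide: a shell function that lists every network, Wi-Fi and Bluetooth device the kernel exposes. It assumes a Linux-based system with sysfs mounted at /sys; the function name audit_airgap and its optional root argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit a Linux machine for hardware that breaks physical isolation.
# Usage: . ./airgap_audit.sh && audit_airgap     (checks the live /sys)
#        audit_airgap /path/to/root              (checks a copied or test tree)
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
audit_airgap() {
    root="${1:-}"            # hypothetical argument; empty means the live system
    findings=0

    # Every entry under /sys/class/net is a network interface known to the kernel.
    for path in "$root"/sys/class/net/*; do
        [ -e "$path" ] || continue          # glob matched nothing
        name=${path##*/}
        [ "$name" = "lo" ] && continue      # loopback never leaves the machine

        # Wi-Fi interfaces carry a "wireless" directory or a "phy80211" link.
        if [ -d "$path/wireless" ] || [ -e "$path/phy80211" ]; then
            echo "WIFI $name"
        else
            echo "NET $name"
        fi
        findings=$((findings + 1))

        # carrier reads 1 when a cable or link partner is attached.
        if [ -r "$path/carrier" ] && [ "$(cat "$path/carrier" 2>/dev/null)" = "1" ]; then
            echo "LINK-UP $name"
            findings=$((findings + 1))
        fi
    done

    # Bluetooth controllers appear as hciN under /sys/class/bluetooth.
    for path in "$root"/sys/class/bluetooth/*; do
        [ -e "$path" ] || continue
        echo "BT ${path##*/}"
        findings=$((findings + 1))
    done

    [ "$findings" -eq 0 ]
}
```

An empty result only shows that no driver has claimed such a device; a radio that is present but has no loaded driver will not appear, so physical inspection of the hardware is still needed.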

Reserve this isolated computer for only the most sensitive tasks, such as working with confidential documents, managing cryptographic keys, or accessing highly secure systems.