At a high level

The attacker we are modeling will only manage to steal secrets they can access from your machine. They can't steal what is not there or can't be reached from it.

The majority of the requirements and recommendations in this handbook work in that direction: they ensure your machine holds as few secrets as possible (ideally none!). Then, multi-factor authentication through external wallet keys will do the rest.

What does this mean in practice?

No cryptographic keys

You MUST NOT, under any circumstances, store cryptographic keys or wallet seeds where an attacker can read them from your machine. You MUST NOT store them in a password manager, as files, images, etc. Instead, use hardware wallets.

Why?: An attacker compromising your device will not be able to steal cryptographic keys from it if they are not there.

2FA: Always and on hardware devices

You MUST enable two-factor authentication on all of your accounts. The second factor MUST be a hardware device (e.g., your smartphone, or a security key).

Your organization will implement single sign-on for as many services as possible. This way, you will only need to handle one account (e.g., for Google Workspace).

Why?: An attacker who has compromised your device might be able to get your passwords, but they won't be sufficient without the second factor (which will NOT be on your device, but on separate hardware).

Separate devices for work

You MUST use a separate device exclusively for work.

Why?: So that an attacker cannot compromise your personal accounts if they manage to compromise your work device.