Use a YubiKey or similar to access an encrypted container?

I am trying to set up an offline encrypted space for storing PINs, banking info, etc.
(Bought a laptop for this purpose.)
The intended user is an older, digitally challenged person, so I need a simple but very secure solution.
After a lot of reading I am not getting any further with this.
I find conflicting and hard-to-implement info regarding opening an encrypted container with a (bio) key.

What I had envisaged is this: use a bio key to either access a (VeraCrypt/LUKS) encrypted drive and then an encrypted file/container.
So a long passphrase is communicated to the application.

I can't find a foolproof solution.
I’d really appreciate any advice.


This is a terrible problem to have on Windows (or any platform for that matter).

I would advocate for something simpler and more familiar to the elderly, such as a physical notebook to put passwords and login info in. No sane burglar usually steals random notebooks unless the burglar knows there are user credentials in them…


Thank you for thinking along with me.

A physical notebook is unsuitable; very low risk as you rightly said, but the possible consequences could be very severe.

I might drop the biometrics idea.
Maybe WDE with a passphrase which can be constructed from, say, every nth word from a certain page in a book.

Looking at my own bookcase: hundreds of books. All I would need is knowing which book, and either write down the page number or place a marker in this (and other books).

A notebook is literally the best security you’ll get from an old person. If the old person was competent at digital security then they wouldn’t need your help, and would be mocking you for all the digital breadcrumbs you leave. Don’t speak the hacking boogeymen to them, they were there when the movie Sneakers came out in theatres.

They know how to keep paper notebooks secure lol. That’s the threat scenario most of them grew up with (lock up your important paperwork).

The better strategy is to harden them to phishing and social attacks. Get the Microsoft Edge browser and let Microsoft security hand-hold them as they browse the internet. Sign up for all the Windows Defender options. “Have Windows scan your personal files for viruses?” Yes please. Get a micro YubiKey that stays on their computer, and show them how to tap it when websites request two-factor. Have their phones block all phone calls from unknown numbers. Sign them up for do-not-call and do-not-mail lists. Gather up all junk mail and contact the businesses, telling them to fuck off (add plenty of swear words). Video call them because they want to see your face, and you don’t call enough.

This… this makes me feel old :sob:

This is quite true, and it is worth noting that paper was the way it was handled, typically locked up in a safe, lockbox or hidden away somewhere only they knew.