
Data Security

Password

In general, a password should be a mixture of upper-case and lower-case letters, numbers and symbols. Be careful with ambiguous characters: l (ell), 1 (one), I (capital i), O (capital o), and 0 (zero).

Good practices for passwords

  • Use a password manager, and set its master password yourself. See the examples below.
  • For each app or website, use the password manager to generate a different user name and password.
  • Set up two-factor (multi-factor) authentication (2FA) on as many of your accounts as possible.
  • Use passwordless login (passkeys, biometrics, etc.) wherever possible. See Passkeys below.

Recovery Code

You should store the recovery code of your password manager somewhere you can easily find it.

Examples of password managers

  • Bitwarden, an open-source password manager that supports all mainstream operating systems. You can also use it in a web browser, and you can self-host the service.
  • Apple Passwords, an app only available on Apple devices, but you can install it as an extension in your web browser.
  • 1Password, a cross-platform password management tool. A subscription is needed.
  • Microsoft Authenticator, which supports most mainstream operating systems and mobile devices except Linux. On desktop operating systems, you can install it as an extension in your web browser.

You can find more examples in the Awesome Mac repository.

Passkeys

You can use passkeys to log in without a password, which reduces the risk of a password leaking in an incident such as a data breach. This function is available in most password managers, but it also needs support from the remote service. Currently, most big service providers support passkeys: GitHub, Google, Microsoft, Apple, and Amazon.

SSH key authentication

Besides passwords, you can use SSH keys to authenticate your login. Use ssh-keygen to generate them. SSH keys can be used for servers, remote computers, and repositories (GitHub and GitLab). Basically, ssh-keygen generates a key pair: a public key (id_rsa.pub) and a private key (id_rsa). The content of the public key is added to the remote file ~/.ssh/authorized_keys, and the private key stays in your local folder, e.g., ~/.ssh/id_rsa. You can also use ssh-copy-id for this purpose: ssh-copy-id -i ~/.ssh/id_rsa.pub user@host.

Best practices for SSH keys

Have one key per user per machine. That is the most secure approach, because it lets you remove access for one machine independently of the others, for example if a machine is lost or stolen.

Passphrase

You should set a passphrase for your SSH keys when you generate them. Otherwise, if your private key leaks, the remote machine is also compromised. You can always add a passphrase to an existing private key:

ssh-keygen -p -f ~/.ssh/id_rsa
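As an added example (not code from the original page), the following POSIX shell script audits a local ~/.ssh directory against the advice above: the directory and each private key should be readable only by their owner, and every private key should be passphrase-protected (checked with ssh-keygen -y, which can only recover the public key from an unencrypted private key when given an empty passphrase). SSH_DIR and the key file names it finds are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): audit local SSH key hygiene.
# Checks that ~/.ssh and each private key are readable only by their owner and,
# when ssh-keygen is available, that each private key is passphrase-protected.
# SSH_DIR and the key file names found in it are assumptions.

SSH_DIR="${SSH_DIR:-$HOME/.ssh}"

# Octal permission bits of a path (GNU stat first, BSD/macOS stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeeds only when the path has exactly the expected octal mode, e.g. 600.
mode_is() {
    [ "$(mode_of "$1")" = "$2" ]
}

# 0 = key cannot be read without a passphrase, 1 = key is unencrypted,
# 2 = cannot tell (no ssh-keygen). ssh-keygen -y derives the public key from a
# private key; with an empty passphrase (-P '') it only succeeds on an
# unencrypted key, and it never prompts because -P is given.
key_has_passphrase() {
    command -v ssh-keygen >/dev/null 2>&1 || return 2
    if ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1 </dev/null; then
        return 1
    fi
    return 0
}

# Audit one directory; prints a warning per finding and returns the count.
audit_ssh_dir() {
    dir="${1:-$SSH_DIR}"
    problems=0
    mode_is "$dir" 700 || { echo "WARN: $dir should be mode 700 (is $(mode_of "$dir"))"; problems=$((problems + 1)); }
    for pub in "$dir"/*.pub; do
        [ -e "$pub" ] || continue          # no .pub files at all
        key="${pub%.pub}"                  # id_ed25519.pub -> id_ed25519
        [ -f "$key" ] || continue
        mode_is "$key" 600 || { echo "WARN: $key should be mode 600 (is $(mode_of "$key"))"; problems=$((problems + 1)); }
        key_has_passphrase "$key" && state=0 || state=$?
        case $state in
            1) echo "WARN: $key has no passphrase; add one with: ssh-keygen -p -f $key"; problems=$((problems + 1)) ;;
            2) echo "INFO: ssh-keygen not found, passphrase check skipped for $key" ;;
        esac
    done
    return "$problems"
}
```

Run `audit_ssh_dir` with no argument to check your own ~/.ssh; a non-zero exit status is the number of findings.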

You can save the parameters of a remote machine in ~/.ssh/config. Below is an example of ~/.ssh/config:

Host nushpc
        Hostname atlas9.nus.edu.sg
        User my_user
        IdentityFile ~/.ssh/id_rsa

Then you can use ssh nushpc to log in.

GitHub authentication

You should add your SSH public key (e.g. ~/.ssh/id_rsa.pub) to your GitHub account under Settings. Follow the instructions on this page.

Backup your data

You can store your data on your own laptop or desktop machine. The university also provides free access to some cloud services, such as OneDrive (1 TB). You can also use GitHub to store your repositories (files smaller than 100 MB). Below are some more tips about backups:

  • "3-2-1 rule": keep 3 copies of your data (your production data and 2 backup copies) on two different media (e.g. disk and tape), with one copy off-site for disaster recovery.
  • The most important data should be backed up to a cloud service (GitHub, OneDrive, etc.).
  • Large files that can be easily reproduced, e.g. wave functions and charge densities, should be excluded from the backup.
  • App files that you can always re-download should be excluded from your backup.

File permission in Linux

You can refer to this page for detailed information.