
Suggested updates to data security guidelines

Open MRuzzante opened this issue 4 years ago • 2 comments

Following up on the bootcamp, there are a couple of things in https://github.com/worldbank/dime-standards/blob/master/dime-research-standards/pillar-4-data-security/data-security-resources/password-manager-guidelines.md you guys could update.

  • [ ] Emergency Access is only available with LastPass Premium and LastPass Families

Also, in https://github.com/worldbank/dime-standards/blob/master/dime-research-standards/pillar-4-data-security/data-security-resources/veracrypt-guidelines.md, before point 8., you could include the recommended Encryption Options to use:

image

Finally, it would be nice to have some guidelines on how to tailor the iefolder-like master do-files to point to the VeraCrypt volume and prompt the user to mount it any time she runs a do-file containing encrypted data.

Cheers!


Edit (3/13) by @kbjarkefur: This does not happen in the browser extension, but on lastpass.com

I couldn't see the Remember Password button in LastPass, but I was asked by Google Chrome if I wanted to "save my password for this site", so perhaps you can mention this as something to always avoid by picking "Never".

MRuzzante, Mar 13 '20 17:03
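One way the mount check requested in the post above could look in a master do-file, as an added example that is not part of the original thread and not DIME's own code. The user names, mount points and the sentinel file `volume-mounted.txt` are assumptions made for illustration.

```stata
* Added example: guard at the top of a master do-file that stops early
* when the VeraCrypt volume holding the encrypted data is not mounted.
* All names and paths below are constructed placeholders.

* Each user mounts the volume at a different drive letter or path,
* so the mount point is set per user, like the other root folders.
if c(username) == "userA" {
    global encrypted "V:/myproject"
}
else if c(username) == "userB" {
    global encrypted "/Volumes/myproject"
}
else {
    display as error "No VeraCrypt mount point set for user `c(username)'."
    display as error "Add your mount point to the master do-file."
    exit 198
}

* Check for a small sentinel file stored inside the volume instead of
* checking that the folder exists: on some systems the empty mount
* folder is still there when the volume is not mounted.
capture confirm file "${encrypted}/volume-mounted.txt"
if _rc {
    display as error "Encrypted data not found at ${encrypted}."
    display as error "Mount the VeraCrypt volume, then run this do-file again."
    exit 601
}

* From here on, do-files reach identified data only through the global,
* so no path into the encrypted volume is hard-coded elsewhere.
display as text "VeraCrypt volume found at ${encrypted}"
```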

Thanks for all of this feedback. All good points!

I am surprised that LastPass does not ask you to remember the password. Are you looking at the LastPass browser extension or at lastpass.com in your browser? Your VeraCrypt point came up yesterday and it was due to us having a slightly older version of VeraCrypt, but the LastPass web extension I re-installed recently.

Will add a note about that regarding LastPass emergency access. You can do your own version of this by sharing your master password in a secure password item to the person you trust instead.

Your point about Google Chrome remembering password is important and we missed that. Thanks!

It is likely that there will be several resources we need to update to accommodate these new recommendations. iefolder is definitely one of them. We already got feedback from you guys that we will work into those recommendations. No matter how much we test something, we will always learn new things when we make 40 people repeat our instructions.

kbjarkefur, Mar 13 '20 18:03

You are right, @kbjarkefur! Was looking at https://lastpass.com/?ac=1&lpnorefresh=1, which is interestingly different from the browser extension...

Anyway, the materials were great and looking forward to seeing this embedded in the DIME data workflow.

MRuzzante, Mar 13 '20 18:03