Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Suggested updates to data security guidelines #3

Open
1 task
MRuzzante opened this issue Mar 13, 2020 · 2 comments
Open
1 task

Suggested updates to data security guidelines #3

MRuzzante opened this issue Mar 13, 2020 · 2 comments
Assignees
@kbjarkefur

Comments

@MRuzzante
Copy link

MRuzzante commented Mar 13, 2020
edited by kbjarkefur
Loading

Following up the bootcamp, there are couple of things in https://github.com/worldbank/dime-standards/blob/master/dime-research-standards/pillar-4-data-security/data-security-resources/password-manager-guidelines.md you guys could update.

  • Emergency Access is only available with LastPass Premium and LastPass Families

Also, in https://github.com/worldbank/dime-standards/blob/master/dime-research-standards/pillar-4-data-security/data-security-resources/veracrypt-guidelines.md, before point 8., you could include the recommended Encryption Options to use:

image

Finally, it would be nice to have some guideline on how to tailor the iefolder-like master do-files to point to the VeraCrypt volume and prompt the user to mount it any time she runs a do-file containing encrypted data.

Cheers!

Edit (3/13) by @kbjarkefur :
This does not happen in the browser extension, but on lastpass.com

I couldn't see the Remember Password button in LastPass, but I was asked by Google Chrome if I wanted to "save my password for this site" so perhaps you can mention this as something to always avoid by picking "Never"
@kbjarkefur
Copy link
Contributor

Thanks for all of this feedback. All good points!

I am surprised that LastPass does not ask you to remember password. Are you looking at LastPass browser extension or at lastpass.com in your browser? Your veracrypt point came up yesterday and it was due to us having a slightly older version of veracrypt, but the LastPass web extension I re-installed recently.

Will add a note about that regarding lastpass emergency access. You can do your own version of this by sharing your masterpassword in a secure password item to the person you trust instead.

Your point about google chrome remembering password is important and we missed that. Thanks!

It is likely that there will be several resources we need to update to accommodate these new recommendations. iefolder is definitely one of them. We already got feedback from you guys that we will work in to those recommendations. No matter how much we test something, we will always learn new things when we make 40 people repeat our instructions.

@kbjarkefur kbjarkefur self-assigned this Mar 13, 2020
@MRuzzante
Copy link
Author

You are right, @kbjarkefur! Was looking at https://lastpass.com/?ac=1&lpnorefresh=1, which is interestingly different from the browser extension...

Anyway, the materials were great and looking forward to seeing this embedded in the DIME data workflow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kbjarkefur kbjarkefur

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kbjarkefur @MRuzzante