Securing Laptop for Trustee Administrattor

Topic

New Reply

Considering setting up a spare laptop to provide to the administrator of my trust with financial information including bank accounts, credit card and other sites of importance. Passwords to be kept in a small notebook separate from the laptop.

It is a spare machine that I have no intent of using other than to keep Windows 11 updated.  Just wondering if this is a good strategy and are there any helpful hints to make this as safe and secure as possible. Thanks

Reply | Quote

Replies

Is there a particular reason you want to setup a dedicated laptop? (I mean, other than just the fact you happen to have a spare one.)

My strategy is to store all that type of info on a USB flash stick, including digital copies of the trust, deeds, bank statements, insurance plans, pre-paid funeral contracts, etc. My aim is to create a quick, one-stop resource for the administrator to come up to speed on what type of documents he/she will need to be aware of. The USB stick even includes “portable” browsers already configured with bookmarks to relevant websites.

The USB stick is Veracrypt encrypted, and duplicate sticks are stashed in my filing cabinet at home and in my bank safe deposit box. My administrator and my children have the Veracrypt password, so they will be able to get at the information on the USB stick when the time comes.

 

Reply | Quote

Or stick them all in a KeePass database on a USB stick. You can even include KeePass.
Give them the password in a sealed envelope, or email it to them via a service like Dead Man’s Switch.

cheers, Paul

1 user thanked author for this post.

TechTango

Reply | Quote

Thank you both for your input.

The spare laptop is the exact reason why I thought about the dedicated machine. With a browser bookmarked with the necessary sites all setup for the admin seemed to me to be uncomplicated. Credit card info, time sensitive subscriptions all in one location and all notated in the calendar.

I do not keep passwords on any PC I have ever owned. Archaic though it may be, manually on my Rolodex as I have since the 90’s. My filing cabinet also contains all current bills, receipts, insurance policies…

I have legal docs in a safe. I appreciate the USB stick approach that’s why I inquired here because I know I would receive some fine ideas other than my own.

 

Reply | Quote

If your filing cabinet, safe, and Rolodex solution is still satisfactory to you, then it sounds like the only extra benefit a dedicated machine would be providing is “a browser bookmarked with the necessary sites all setup for the admin”. That’s easily achieved with a portable browser on a USB stick — which I’d hazard to guess your administrator would probably prefer to hassling with an unfamiliar, dedicated machine.

There are portable versions of Chrome and Firefox, as well as an assortment of some of the browser forks. These simply download and extract to a folder, which could be stored on a USB stick. Then just plug in the USB stick, open the folder and double-click the .exe to start the browser in a self-contained instance with its own bookmarks. You can even do this on a machine that already has non-portable versions of the same browsers installed (though I wouldn’t recommend trying to launch both the portable and non-portable at the same time).

And if you’re not storing any of your passwords in the browser, then the USB stick doesn’t even need to be encrypted, so you can skip Veracrypt.

If the stick will hold any sensitive info, though, you’ll want to encrypt it … and note there’s even a portable version of Veracrypt, which you can store right on the USB stick so the user won’t be required to install it on their personal machine.

 

1 user thanked author for this post.

PeachesP

Reply | Quote

I know why I’m glad I come here. I had no idea about portable browsers probably because I had no need.

This thread has been invaluable to me. TY

 

Reply | Quote

Setting up a portable browser and then not touching it for a long time may mean you have a virus magnet when you do use it.

I would save the bookmarks in a bookmark file on the USB. They can be opened in any browser.

cheers, Paul

Reply | Quote

Where possible – have the administrator have their own username and password and be a supported additional user on whatever account it is. Don’t give them your account info unless absolutely necessary.

Susan Bradley Patch Lady/Prudent patcher

2 users thanked author for this post.

PeachesP, dg1261

Reply | Quote

A portable browser is not likely to have a long life span. Same for bookmarks, as websites get re-designed over time. The domain name is pretty much the only thing that can be trusted to still exist years down the road. Other thoughts on the subject:
Plan for our death
https://defensivecomputingchecklist.com/death.php

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

Reply | Quote

A problem with using a USB stick as a one-stop resource for the administrator is updating it when life or passwords change.

Another option is to create an account with a secure file storage company, such as Proton Drive, Sync or Tresorit. These companies can not read your files. Use this account for nothing else but your end of life documentation. More here about secure file storage

https://defensivecomputingchecklist.com/SecureFileStorage.php#neverread

As for a USB stick, Veracrypt might be too advanced for a non-techie to deal with. I like the suggestion above to use a Keepass compatible password manager that stores data in a KDBX file. This can be opened in many different operating systems. FYI: you can also store images in a KDBX file and maybe have different KDBX files for different people.

The down side of keeping passwords on paper is that all your eggs are in one basket. Every now and then, I suggest xeroxing the password papers and storing the copies outside your home, the farther the better.

 

Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com

Reply | Quote