Passphrase Best Practices
All SecureDrop users—Sources, Journalists, and Admins—are required to memorize at least one passphrase. This document describes best practices for passphrase management in the context of SecureDrop.
General Best Practices
Do memorize your passphrase.
If necessary, do write your passphrase down temporarily while you memorize it.
Caution
Do store your written passphrase in a safe place, such as a safe at home or on a piece of paper in your wallet. Do destroy the paper as soon as you feel comfortable that you have the passphrase memorized. Do not store your passphrase on any digital device, such as your computer or mobile phone.
Do review your passphrase regularly. It’s easy to forget a long or complex passphrase if you only use it infrequently.
Tip
We recommend reviewing your passphrase (e.g. by ensuring that you can log in to your SecureDrop account) on at least a monthly basis.
Do not use your passphrase anywhere else.
If you use your SecureDrop passphrase on another system, a compromise of that system could theoretically be used to compromise SecureDrop. You should avoid reusing passphrases in general, but it is especially important to avoid doing so in the context of SecureDrop.
For Sources
Your passphrase is associated with your pseudonymous account and all of your activity on the SecureDrop server. In order to preserve your anonymity, you should avoid creating physical or digital associations between yourself and your passphrase as much as possible.
For Journalists/Admins
While Sources only have one passphrase that they are required to manage, Journalists and Admins unfortunately have to manage a veritable menagerie of credentials.
We have tried to minimize the number of credentials that Journalists and Admins actually have to remember by automating the storage and entry of credentials on the Tails workstations wherever possible. For example, a dedicated SecureDrop Menu is provided on each Tails workstation to make it easy to access the onion services without having to look up their .onion addresses every time.
Ideally, each admin would only have to:
Keep track of their Admin Workstation Tails USB.
Remember the passphrase to unlock the persistent storage on that Tails USB.
And each Journalist would only have to:
Keep track of their Journalist Workstation Tails USB.
Keep track of their Secure Viewing Station Tails USB (and the associated Secure Viewing Station computer).
Remember the passphrases to unlock the persistent storage on both of these Tails USBs.
Memorizing further passphrases beyond the ones listed above is counterproductive: an attacker with access to any of those environments would be able to pivot to anything they wish to access. Increasing the burden of keeping track of additional credentials is unpleasant for journalists and admins, and it increases the risk that they will either forget their credentials, compromising the availability of the system, or compensate for the difficulty by using weak or reused credentials, potentially compromising the security of the system.
There is a detailed list of the credentials that must be managed by each end user role in Passphrases. We recommend using the KeePassXC password manager included in Tails to store your credentials and minimize the passphrases that you need to memorize to just the passphrases for the persistent storage on your Tails USBs.
For the Transfer Device and the Export Device, which are used to copy files to and from the air-gapped Secure Viewing Station, we recommend using encrypted USB drives with passphrases stored in the journalist’s own password manager (preferably one which is accessible on their smartphone). This ensures that the journalist will have quick access to these passphrases when they need them.
If your organization is not using a password manager already, please see the Freedom of the Press Foundation guide to choosing one.