How to protect your Private.Ki passphrase
Your passphrase safeguards your encryption keys. You can skip the passphrase or use the questions challenge instead, but if you do set up a passphrase, it's important not to forget it and to keep it safe at all times:
Make It Strong and Unique: Your Private.Ki passphrase should be long and unpredictable – ideally a series of random words (a passphrase) or a complex string, not something like your name or a common phrase. This protects against brute-force attempts if someone somehow gets hold of your encrypted key data.
Use a Password Manager: It's tough to remember very long passphrases. Consider storing it in a reputable password manager (which itself is encrypted and secure). This way you won't lose it. You could also write it down and store it in a secure location (safe deposit box, etc.) if you trust physical security. The best option is not to store it anywhere or write it down at all, but simply to remember it.
Do Not Share It: Obvious but worth stating – don't give your passphrase to anyone. Private.Ki staff will never ask for it. If someone asks you for it, it's 100% a scam. Keep it secret like you would any password, or even more so, since it's the key to all your emails.
Avoid Reusing: Don’t reuse your Private.Ki passphrase on other accounts (and vice versa). If another service gets breached, you don't want that to help someone get into your encrypted email. Also, if your login password is the same as your passphrase, it reduces security massively, so it's better to keep them different.
Enable 2FA: This is more about protecting your login; it indirectly protects passphrase usage because an attacker can't even log in to easily attempt guessing the passphrase. 2FA doesn't affect passphrase decryption itself; this is just an overall tip for account safety.
Be Mindful of Keylogging: When you enter your passphrase (especially on public or untrusted computers), be careful. A compromised device could capture it, so ideally only log in on devices you trust. If you suspect a computer might have malware or a virus, avoid logging into Private.Ki there because the malware or virus could attempt to get hold of your passphrase while you're typing it - a risk that is unfortunately out of our control.
Change It Periodically (With Caution): You are not required to change it often if it's strong and not compromised. In fact, frequent changes can lead to weaker choices. But if you suspect someone might know it, or you had to type it in a suspicious environment, then change it. Use the change passphrase feature promptly.
Attacker Scenarios: If you suspect your passphrase might have been seen (e.g., someone shoulder-surfed you, or there's a chance a keylogger was on a PC you used), change it as soon as possible when on a safe device.
Phishing Awareness: We, Private.Ki, never ask for your passphrase in emails or any outside-of-app context. If you get an email or call asking for it, it's fraud. Don't answer.
Multi-Device Usage: If you use multiple devices, you'll need to enter your passphrase on each. Just ensure you're in control of those devices.
Basically, treat the passphrase with the same caution as a physical safe key: it's solely in your care. Don't share it with anybody.