Problem:
By default, if a 3rd party resets my windows password they gain access to my windows account and to everything available on seafile. (Even if I protect my local copies of seafile files via EFS, they could still re-download the files to another location.)
If there is a file, config, or authentication token somewhere I’d like to encrypt it with Windows’ EFS because this will nuke seafile access if my windows password is reset (not changed). (On windows password reset access to all encrypted files is lost). Where could I find these file(s)?
More details / what I have tried:
- Encrypting my entire OS drive is not a reasonable option for me. (It also doesn’t help if one of my family member’s admin accounts become compromised).
- My cloned files that are stored locally from seafile are encrypted, so that’s fine. (But the attacker could just re-sync the library elsewhere to get my data).
I have tried encrypting:
C:\Program Files\Seafile
C:\Users\<user>\ccnet
After resetting the windows password, seafile does not run (as expected, good!). But, if I re-run the client installer (with admin privileges), and select repair, seafile works again, and I’m still logged into the client. (bad )
So the seafile client authentication data must be stored somewhere I did not encrypt. Where do I need to encrypt? (If it’s even a file? o.o;; )