by Dave Moore, CISSP
12/26/2021
Here’s hoping you are not like many people I meet all the time. They have committed the Number One Sin of computer file management: they have a wide open, anyone can read it file on their computer or phone that contains the username, password and security questions for every online account they have; banking, shopping, medical, you name it. It’s usually in the form of a Word document or Excel spreadsheet, named something like, “My Passwords.”
Some folks go even further, including other juicy tidbits like Social Security numbers, credit card and bank numbers, driver’s license and passport information, investment and retirement account details, product keys for software they’ve purchased, and on and on. Everything they might have to enter into an online form or password login box is there.
Yes, everything is wrapped up in a nice, tidy package, ripe for the picking. The reasons why you should not have a file like this on your computer should be obvious, but let’s review them, anyway.
The professional organized crime cartels and career criminals who plunder the Internet for a living have nothing better to do each day, every day, all day and night, than to figure out ways to steal from you. They are very good at it, and steal massive amounts of money every day. Having an easily accessible file containing all your important online information sitting unprotected on your computer is like leaving all your doors and windows open and then leaving the house for a week; not a good idea.
So, what to do? The “My Passwords” file makes everything so convenient. You simply copy and paste your login names and passwords as needed, and you’re done; EZ-PZ. That’s the wrong approach to the situation, though. If the number of online accounts you have is so onerous that you can’t cope with them otherwise, you should be using a password manager like Dashlane, which encrypts your passwords.
Even so, you still don’t want to be storing your master passwords list and other sensitive files on any device, phone, computer or otherwise, that has Internet access. Networks are hacked and computer files are stolen every day. You want to store them on a removable device, like a USB flash drive. You plug it in when you need it, and you disconnect it from the computer (and, the Internet) when you don’t. You also store your critical files in a way nobody else can read them: encrypted.
Encryption is a process that turns your file’s information into scrambled gibberish that can only be “de-crypted” using your Master Encryption Password (sometimes call your “key”). If a person does not have the Master Password, they will not be able to read your files.
Used to be, not that many years ago, encrypting files, folders and drives was best left to computer nerds and rocket scientists. The process was often tedious, overly-technical, cumbersome and confusing. Fortunately, things have improved considerably since then. There are strong encryption methods available that anyone can easily understand and use; no rocket scientist degree required. Next week, we will look at my two easy-to-use favorites: 7-Zip for Windows PC’s, and Apple’s own built-in tools for Macs.
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd., he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.org