by Dave Moore, CISSP
01/02/2022
Last week, we looked at why you should not store a wide-open, anyone-can-read-it file on your computer or phone that contains the username, password and security questions for every online account you have.
Uh-oh; does that describe you? If it does, please get online and read Part One of this column. Then, come back here and continue reading.
Now you understand why you should not store a file that contains your passwords on any Internet-connected device. Instead, you should store those, and other important files, on an encrypted removable device like a flash drive, that is only plugged in when needed, and disconnected from the Internet when it is not.
Let’s look at two easy-to-use encryption methods: 7-Zip for Windows PCs and Apple’s built-in “Finder” program for Macs.
First, you will need some flash drives that will be used only for encrypted file storage, and nothing else. Flash drives are cheap; I literally buy them by the dozen. They don’t need to be super high-capacity drives, either. All we will be storing are documents, files containing user names and account passwords. It’s also a good idea to store financial, tax and medical documents this way. Still, those will usually be small files. Right now, 32 and 64 GB USB 3.0 flash drives are selling at Best Buy for $8.00 each. Get three or four of them.
You will also need to invent a Master Encryption Password (or, “key”). The same rules apply here as for email and banking passwords: they need to be long. Some folks would say “very long.” The strength of your encryption method depends on how long your password is; I cannot emphasize this too much. You can use “passphrases” that contain actual words, if you like, but they need to be long, and not make any sense. “Maryhadalittlelamb” is no good; it’s too short (18 characters) and too easy to guess. “Buckettrainbananatablejackcoffee” is way better at 32 characters, and not very guessable. It could be easily memorized, but be sure to write it down anyway, and hide it somewhere.
7-Zip on a Windows PC is easy to use. Visit the website www.7-zip.org, click on the Download link for “64-bit x64” (which suits most folks) and save the file. Locate the file you just downloaded and saved, double-click it, and the 7-Zip program will install.
Next, copy individual files or folders you want to encrypt to the flash drive; you can do both. Right-click on a file or folder, move your mouse pointer to 7-Zip and select “Add to Archive.” It will assign the item the same name, with “7z” at the end. Select Compression Level 5 Normal. Enter the password twice in the requisite boxes, select Encryption Method AES-256, check the “Encrypt File names” box and click OK.
That’s it. You have now protected your critical information with a highly secure form of encryption. You can delete the original files, and leave just the “7z” file. To access it, right-click, move your pointer to 7-Zip and select Open Archive. Enter the Master Password, click OK, and the item will open in the 7-Zip file manager. You can view and modify your files however you like, save them back to the 7z location and they will still be encrypted. It’s that easy.
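To confirm that the “Encrypt File names” box actually took effect on an archive, you can inspect the start of the 7z file itself. The following is an added example, not part of the original column or of 7-Zip: it relies on the container layout described in 7-Zip's 7zFormat.txt, the function names and sample bytes are this example's own, and the AES check is a heuristic byte search rather than a full parser.

```python
import struct
import zlib

SIGNATURE = b"7z\xbc\xaf\x27\x1c"          # 7z magic bytes
K_HEADER, K_ENCODED_HEADER = 0x01, 0x17    # property IDs from 7zFormat.txt
AES_CODEC_ID = bytes.fromhex("06f10701")   # 7zAES (AES-256 + SHA-256)


def header_state(archive: bytes) -> str:
    """Return 'plaintext', 'compressed-only' or 'encrypted' for the file-name header."""
    if len(archive) < 32 or archive[:6] != SIGNATURE:
        raise ValueError("not a 7z archive")
    # Bytes 12..31 give the offset, size and CRC-32 of the header that lists file names.
    offset, size, crc = struct.unpack_from("<QQI", archive, 12)
    header = archive[32 + offset:32 + offset + size]
    if size == 0 or len(header) != size or zlib.crc32(header) != crc:
        raise ValueError("truncated or corrupt archive")
    if header[0] == K_HEADER:
        return "plaintext"          # names sit in the file as readable UTF-16 text
    if header[0] == K_ENCODED_HEADER:
        # Heuristic: an encrypted header declares the 7zAES coder in its stream info.
        return "encrypted" if AES_CODEC_ID in header else "compressed-only"
    raise ValueError("unexpected header type")


def build_sample(next_header: bytes) -> bytes:
    """Constructed input: a 32-byte start header followed directly by next_header."""
    tail = struct.pack("<QQI", 0, len(next_header), zlib.crc32(next_header))
    return SIGNATURE + b"\x00\x04" + struct.pack("<I", zlib.crc32(tail)) + tail + next_header


# Constructed, minimal header bodies (not complete archives).
SAMPLES = {
    "box unticked, headers uncompressed": b"\x01" + "passwords.txt".encode("utf-16-le"),
    "box unticked, headers compressed": b"\x17\x06\x00\x01\x0b\x01\x00\x01\x23\x03\x01\x01",
    "box ticked": b"\x17\x06\x00\x01\x0b\x01\x00\x01\x24" + AES_CODEC_ID + b"\x01\x13",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(f"{label}: {header_state(build_sample(body))}")
```

To check a real archive, pass its bytes, for example `header_state(open(path, "rb").read())`. Any result other than `encrypted` means the file names can be recovered without the Master Password, so the archive should be recreated with the box checked.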
Those with Apple Macs can do the same thing, but instead of encrypting individual files and folders, you will encrypt the whole drive. Make sure the drive is empty, and then prepare it by clicking “Go” in the Finder toolbar at the top. Select Utilities, and then, Disk Utility. Click “View” in the upper left corner of Disk Utility and set it to “Show All Devices.” Select your USB drive on the left, and then click the Erase option in the top middle area.
Change the name to something like “Encrypt” and make sure to select “Mac OS Extended (Journaled)” for the Format type, and “GUID Partition Map” for Scheme. Next, click Erase. It may take a few minutes, but eventually it should say Operation Successful. Click Done, then close Disk Utility and the Utilities folder.
The icon for your drive and its name should appear on the Desktop. Put your pointer on top of the drive icon, hold down the Control key and click. Select Encrypt from the menu that appears. Enter your ridiculously long Master Password twice, put in a Password Hint and click Encrypt Disk. The disk icon will disappear, and then reappear when it’s done. Drag the disk icon to the Trash and unplug the drive.
Now, after you reconnect the drive, you will be asked for the Master Password. Enter it, but do not, I repeat, do not select “Remember this password in my keychain.” From now on, all files you transfer to the drive will be protected, and nobody (including you) will be able to read them without the Master Password.
Pretty cool, huh?
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd., he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.org