Actually, what you describe happens more often than one might think.
Typically, it’s nothing as attention-grabbing as the TrueCrypt shutdown, but I do regularly hear from people who have been using an application of some sort for some time and suddenly find that the company’s no longer in business and there’s no way to get an update. In some cases, that means they can’t migrate to current versions of their operating system if they want to keep running that now-unsupported software.
It’s something I consider when using important software. Depending on exactly what software it is we’re talking about, there are often approaches that you can use to protect yourself from potential obsolescence or disappearance.
I’ll give you one hint: it’s one of the reasons I moved from Roboform to Lastpass.
Become a Patron of Ask Leo! and go ad-free!
Export as backup
For utilities that keep important data in proprietary formats, like password safes such as RoboForm, LastPass and others, I believe it’s critical that they also support the ability to export your data into a common and simple file format. They should support exporting everything to a text file, or CSV file that can be read by Excel, or a PDF file that can be read just about anywhere.
That way, if something ever does happen to the utility or its ability to provide its functionality, you have – say it with me now – a backup.
Not only that, but a backup that’s in a standard file format that you might be able to use, or that could be imported into a replacement utility.
This is one reason I stopped using RoboForm. It’s a fine password management utility, and I still support using it, but when last I tried exporting it was exceptionally difficult. In LastPass, on the other hand, exporting to CSV is a menu item.
Unencrypted files as backup
With encryption utilities like TrueCrypt, the approach is a little different. TrueCrypt and utilities like it are tasked with encrypting or providing encrypted storage for important data files.
The approach to protecting yourself from the program “going away” is fairly simple:
- Keep a copy of the program that works. Presumably you can always use your older version to access your data. This has proven true with TrueCrypt.
- Backup your unencrypted data separately, using a different tool or mechanism. In the case of TrueCrypt, that means backing up the contents of a TrueCrypt drive or volume, not the encrypted volume itself.
As long as you have a copy of the files you need outside of the utility – albeit perhaps in a significantly less convenient format or location – then it’s no disaster if the utility actually stops working some day.
And as we’ve seen, the chances of it actually not working are slim-to-none as long as you keep a working version of the utility around.
Backups as security risks
“But Leo!”, I hear you saying, “We use tools like TrueCrypt and LastPass to keep things secure. Doesn’t keeping those unencrypted exports leave us just as vulnerable as not using the utilities at all?”
Well, sure, if you leave those unencrypted files where anyone can get at them.
Don’t do that.
To be clear: you must somehow secure those unencrypted backups. That could mean storing them offline in a secure location. It could also mean encrypting them with a different tool. If you, for example, encrypt your LastPass export using a tool like AxCrypt, then:
- everything remains secure
- you only lose access to your information if both tools become completely unusable (unlikely, as we’ve seen) at the same time (even more unlikely)
What I do
I follow my own advice, and do what I’ve described.
The unencrypted contents of my TrueCrypt and BoxCryptor encrypted files are backed up nightly. Some are backed up on servers that only I have access to. Others – the most secure information – is bundled into a .zip-like archive which is then encrypted using PGP public key encryption. (Those encrypted files are taken one step further and uploaded to backup storage in the cloud.)
You could do something very similar by just creating a password-protected .zip file of your TrueCrypt container’s contents.
I also periodically export my LastPass database1. That gets placed into a folder encrypted by BoxCryptor, which in turn gets backed up again using the technique I just mentioned above.
The practical risk
When it comes to popular and pervasive software like TrueCrypt or LastPass, my belief is that the risks are actually minimal. You probably don’t have to take the steps I’ve listed. (I do because my needs are probably above average, and I’m somewhat obsessive about backing up. :-) )
If the utility is destined to die, there’ll be lots of notice and you’ll be able to make other plans. Even though TrueCrypt’s demise was sudden, existing copies of the tool keep working, giving those so inclined plenty of opportunity to research and move to alternatives.
The real risks, in my opinion, are the smaller operators or software destined for a smaller market. There may not be an equivalent “common format” to export to, or the export functionality might not be a priority2. In cases like this, there’s little to be done, other than to stay on top of upgrades, if practical, or possibly keep a copy of the utility and an operating environment in which it works for as long as possible.
AxCrypt is great, but for archival purposes, I’d use zip format encryption. It’s a ubiquitous format which I expect to be around a long time after AxCrypt is no longer supported. The application may still be usable, but an encrypted zip file can be open by several applications, so if you have it saved in the Cloud you’d be able to download it with any computer which will very likely have a program installed which can open it such as 7Zip, WinZip, WinRAR or even Windows File Explorer. I expect one of these to be around for many years.
Good point. Just make sure you use recent version of zipping tools with adequate encryption. Early versions were less than secure.
I still use TrueCrypt not only to create encrypted containers for storing sensitive data on cloud services but also to encrypt the drives on all of my computers. My rational is that until learning that TrueCrypt has been compromised, it’s still secure. I trust Leo to keep me updated on such matters, including the 5 other technology newsletters to which I subscribe. :-)
I use and have used for years, RoboForm. I like the features it offers beyond the storage of passwords, such as creating secure passwords, and filling out forms that require name, address, etc. As to backing it up, believe it or not, I still use a PDA, a Palm Zire 72. RoboForm provides a program that syncs the stored passwords onto my Palm when I do a daily update, so if I add any new passwords, the stored Palm version is also updated. The Palm goes where I go, so if I use another computer, I can just look in the Palm and get the password from there. I recently bought a new laptop using Windows 8.1 an RoboForm works fine on it. I also like the fact that RoboForm has not followed the latest trend that makes you “rent” the program and pay a yearly fee for its use. Once you buy the pro version, it yours.
My neighbour who is clinging to an old version of Microsoft Money had the problem that this version does not run on any OS newer than Windows98. Yes, there is a newer version around, but he will not switch to that. Old habits, etc. So, to get him to change to a newer OS (Win7 at the time) I fixed this problem by creating a virtual Win98 machine with Money on it, – and nothing else – so now he is happy again. This approach can be used for any program that is not supported on new OS-es.
I had that same problem with MS Money when I went to Windows 7. Then I found on Microsoft’s website that they were giving away the latest version for free. They are no longer making it or supporting it so the online functionality no longer works but then my old version didn’t have online functionality, so I miss nothing. I don’t know is MS is still giving it away, but it’s worth checking the website.
I like MS Money better than Quicken so I run both and keep them current. I have messed up Quicken a couple of times since I was more familiar with Money. Quicken is getting more and more bloated, just like Money.
I did download both regular Money & the business version before they were taken offline. Don’t know if anyone has it online any more. I use the regular version. I was able to reinstall it in compatibility mode easily when I got a new laptop.
I MUST run it in compatibility mode in Win 7 X64 Home Premium. I do manual downloads from various banks, etc., since auto will no longer work. No problema.
It’s not just the small operators. Microsoft killed Front Page without providing an upgrade or export path. My friend has poured his soul into a huge site based on Front Page, and when there is no longer an OS it will run on, he will lose his reason for living.
Gord Campbell —
When you said “My friend has poured his soul into a huge site based on Front Page,” I wondered how you knew about me and when we became friends. ^__^
I still update my site, use Filezilla to upload changes, and see no reason I can’t keep doing this forever.
If it comes to the worst, the original data is on my computer. It will be painful — but possible — to copy/paste everything to a new application.
Or so it seems from here anyway.
(Tell your friend he’s not alone. And if he has a better solution, to please share it with me.)
Microsoft Money Sunset CAN still be downloaded from the MS Download site. I was curious and just downloaded it again in case my previous download gets corrupted.
I opened the latest newsletter and was reading and I thought – someone who thinks like me and then I realized it was my comment from an article about password keepers. It was very gratifying. Thanks and keep up the good work.
A simple way to re-use old dead applications with old no more available Operating System is to use `Virtual Workstation“ like from VMware or others. You save some space on your hard drive of say 5 GB for the then old operating system the old program used, and then install in that space the program and all its needed data. I was able to use a program created for DOS that worked on 16 bit systems and could be operated by Widows-XP of 32 bit which can operate 16 bit on computer with Windows-7 or now Windows-8.1 64 bit that can process only down to 32 bit. And thus I used that old program.
But it for a long run, I imagine having to face it and convert the data using some newly available software is best. Mostly, so far at least, the 64=bit process 32 bit and if there is afuture 128 bit OS, it should process 64 bit and so on.