BoxCryptor: Secure Your Data in the Cloud

One of the hidden issues in online storage is privacy. Almost all online storage providers have the ability to examine your data or hand it over to law enforcement even if the provider has encrypted your data.

Hopefully, most of us will never have to deal with the law-enforcement scenario, but even the realization that a rogue employee at an online data storage provider could peek into what we keep online can cause concern. For some, it’s enough concern to avoid using cloud storage at all.

The solution is simple: encrypt the data yourself.

Unfortunately, implementing that “simple” solution isn’t always that simple or transparent, and can add a layer of complexity to online storage some find intimidating.

BoxCryptor is a nicely unobtrusive encryption solution that is free for personal use.

Read moreBoxCryptor: Secure Your Data in the Cloud

VeraCrypt: Free Open Source Industrial Strength Encryption

Encryption comes up frequently in many of my answers. People are concerned about privacy as well as identity and data theft, particularly on computers or portable devices where they don’t always have total physical control of the media.

The concern is that someone might gain access to sensitive data.

Encryption is the answer.

Even if your device falls into the wrong hands, proper encryption renders that access useless.

VeraCrypt makes encryption not only easy, but nearly un-crackable.

Read moreVeraCrypt: Free Open Source Industrial Strength Encryption

How Do I Back Up LastPass?

I’ve long recommended password managers like Roboform and LastPass to keep track of passwords for all online accounts. Besides offering an incredible level of convenience, these tools give you a greater level of security by making it practical to use truly long and complex passwords and generate different ones for every site.

But, as with all things relating to security, there are risks.

For example, what happens if you forget your LastPass master password? Master passwords cannot be recovered. While there are a couple of options that might regain access to your password vault, the worst-case scenario is that you lose the vault  — and everything in it — forever.

Not to keep beating the same old drum, but the best solution is very simple.

Back up.

Read moreHow Do I Back Up LastPass?

What happens when applications die?

//
While I am not particularly concerned about my privacy (all that stuff on the internet was out there before the internet, it was just a little harder to find), I am not particularly trusting. I realize that TrueCrypt was open source and Lastpass etc are all paid services but what happens if they go belly up? What happens if they hire some idiot and all of their saving software goes up in smoke? I have a hard time trusting these services or any others for that matter and these are things that I want under my control.

Actually, what you describe happens more often than one might think.

Typically, it’s nothing as attention-grabbing as the TrueCrypt shutdown, but I do regularly hear from people who have been using an application of some sort for some time and suddenly find that the company’s no longer in business and there’s no way to get an update. In some cases, that means they can’t migrate to current versions of their operating system if they want to keep running that now-unsupported software.

It’s something I consider when using important software. Depending on exactly what software it is we’re talking about, there are often approaches that you can use to protect yourself from potential obsolescence or disappearance.

I’ll give you one hint: it’s one of the reasons I moved from Roboform to Lastpass.

Read moreWhat happens when applications die?

Should I Defrag TrueCrypt?

//
Should I defrag a TrueCrypt volume and if so, should I do it with the volume open or closed? 

You know, that’s one that I haven’t thought of before. But now that you bring it up, I intend to act on it.

I believe the answer is yes. You should defrag and yes, do it with the volume open, but with one caveat.

Read moreShould I Defrag TrueCrypt?

Is application-provided encryption secure?

//

Hi, Leo. I searched your site and several other websites but could not find the exact explanation that I’m looking for. I’ve been keeping all of my personal financial information and website passwords in an Open Office spreadsheet that is saved with a long, complex password. From what I’ve been reading from your site and others, that spreadsheet is maybe not a secure as I think it is.

My question is – can anyone using sophisticated hacking software see the data in my file without breaking the password? In other words, if I have a relatively complicated password, shouldn’t I trust that as being secure? I find it very convenient to copy and paste login information from my spreadsheet. However, if I someday lose my portable backup drive or it’s stolen or if someone breaks into my home when I’m away, then could someone easily see the data in my password protected spreadsheet file? I assume, of course, part of this equation is how sophisticated the potential thief is and how much of a target I am perceived to be?

There’s a part of me that really wants to say that you’re safe.

In general, I’m not a big fan of using spreadsheets for passwords, but I know a lot of people do for saving that kind of information. And with a complex and lengthy password like you’ve said you’re using, in general, it should be safe to use a password-protected spreadsheet in a utility like Open Office, Microsoft Office, or any of a number of other applications that provide password protection for their documents.

want to say that is safe.

Unfortunately, history does not really bear that out too well.

Read moreIs application-provided encryption secure?

TrueCrypt – Free Open Source Industrial Strength Encryption

TrueCrypt comes up frequently in Ask Leo! answers. Many people are concerned about things like privacy, identity and data theft, particularly on computers or on portable devices where they might not always have total physical control of the media.

Someone might gain access to sensitive data stored on your computer.

Encrypting your data renders that access useless, even when your computer or your thumbdrive falls into the wrong hands.

And TrueCrypt makes it not only easy, but nearly un-crackable.

IMPORTANT On September 30, 2015, it was reported that a serious security vulnerability had been discovered in TrueCrypt. Not a fault in its encryption, but rather a more traditional vulnerability that malicious software could use to gain administrative privileges on your Windows machine.

Since TrueCrypt development has halted and no fix is likely forthcoming, I can no longer recommend its use.

My tentative understanding is that VeraCrypt is a free, compatible, and supported alternative, based on a fork of the original TrueCrypt code. And yes, these most recent vulnerabilities are supposedly fixed therein.

IMPORTANT: On May 26th, 2014 TrueCrypt development was abruptly and somewhat mysteriously halted. While I still use and recommend TrueCrypt, please also read Is TrueCrypt Dead? for what happened, and any late-breaking updates.

Read moreTrueCrypt – Free Open Source Industrial Strength Encryption