In Part 1 we started with the basics of protecting your laptop – physical security. Now that your laptop is safely locked up and under your watchful eyes, it’s time to protect the data inside of your digital best friend. The information on your laptop says a lot about you, and the data on your hard drive is worth much more than the physical machine.
Luckily these days encryption is very strong, in some cases stealthy, and potentially very effective. The problem is that hardly anyone does it.
Encrypting Your Data - The Basics
Even if you’ve locked your computer with a password, the data on your hard drive is not coded or protected in any way. That means if someone steals your laptop and pops the hard drive out, they can see all of your files and use them. It’s easy to encrypt (code) your data to make it unreadable to most attackers.
- FileVault (Mac): You can automatically encrypt your home folder using FileVault (System > Security > FileVault), which is built right into the operating system.
- TrueCrypt (Windows, Mac, Linux): Free software that can encrypt your entire hard drive or create an encrypted section of your disk for your important files and folders.
For those of you using Windows 7 Enterprise or Ultimate editions you can use BitLocker, which is built right into the operating system. Of all these methods though, TrueCrypt is my favorite free software alternative since it’s the easiest to set up and places the fewest limitations on your system (FileVault and print sharing don’t play well for example). To effectively use these encryption schemes you’ll need to pick a good password – a really good one. More on that below.
Hiding From The Cops and Customs Agents
Encryption is great and all, but when traveling your laptop is subject to scrutiny and to laws that change across borders. Even in the US, customs agents can (legally) demand your laptop password to inspect your hard drive.
- There’s a way to encrypt your data and hide it so it won’t be noticed using TrueCrypt. Read my tutorial on how to protect your laptop from thieves and customs agents.
Inspection of laptops by law enforcement is more common than you may realize in many parts of the world. It’s a good idea to create a hidden folder (described in the tutorial above) to hide those sensitive files and pictures in case the law decides to get download happy.
Keep Good Passwords
One of the weakest points of security on the road is that people pick terrible passwords. Make your passwords and your life easier by using a program to help you create strong passwords. What is a strong password? Anything that’s randomly generated and 8-20 characters will cut it for most cases.
- KeePassX (Windows, Mac, Linux, mobile devices) – KeePassX is a free program that will store all of your account names and passwords. You just need to remember a single password to unlock KeePassX which also can generate random passwords up to as many characters as you’d like. Pick random passwords that are at least 8 characters.
- KeePassX also integrates with Firefox and Internet Explorer if you use these 8 KeePassX plugins.
- Password Safe (Windows, Mac, Linux) – An alternative to KeePassX, also generates passwords.
Now that you know how to create good, random passwords go ahead and create a separate one for each of your accounts. That includes Twitter, your email account, Facebook – all of them. Someone looking to steal your data, money, or identity typically just looks for one password since most people use the same one for all of their accounts.
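An added example (not from the original post, and not KeePassX's or Password Safe's own code): Python showing what a password manager's generator does for the advice above, namely one independent random password per account, how many bits of entropy the 8-20 character range gives, and an audit for reused passwords. The function names, the 94-symbol alphabet and the sample accounts are assumptions made for this illustration.

```python
import math
import secrets
import string

# Printable ASCII without whitespace: 94 symbols (assumption: every site accepts them all).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length=16, alphabet=ALPHABET):
    """Return a password drawn uniformly from `alphabet` using the OS CSPRNG."""
    if not 8 <= length <= 20:
        raise ValueError("length outside the 8-20 range the article recommends")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def passwords_for(accounts, length=16):
    """One independent password per account, so a leak of one exposes no other."""
    vault = {}
    for name in accounts:
        pw = generate_password(length)
        # A collision is astronomically unlikely; regenerate so uniqueness is guaranteed.
        while pw in vault.values():
            pw = generate_password(length)
        vault[name] = pw
    return vault

def reused(vault):
    """Return groups of account names that share a password."""
    by_pw = {}
    for name, pw in vault.items():
        by_pw.setdefault(pw, []).append(name)
    return sorted(sorted(names) for names in by_pw.values() if len(names) > 1)

if __name__ == "__main__":
    accounts = ["twitter", "email", "facebook"]  # constructed sample accounts
    for name, pw in passwords_for(accounts).items():
        print(f"{name:10s} {pw}")
    for n in (8, 12, 20):
        print(f"{n} random characters -> {entropy_bits(n):.1f} bits")
    # Constructed sample of the one-password-everywhere habit described above.
    print(reused({"twitter": "sample-pw-1", "email": "sample-pw-1",
                  "facebook": "sample-pw-2"}))
```

The generator uses `secrets` rather than `random` because the latter is not designed for security-sensitive values.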
Sharing Your Laptop
Being the good hostel-mate that you are chances are you’ll be letting someone ‘borrow’ your laptop for a quick email. Here’s how you can make sure that they don’t inadvertently read your email or change your browser settings.
- Start Private Browsing in Firefox (Tools > Private Browsing) – This will sign you out of any sessions (open accounts) you happen to be in and also make things a bit more private for your friend too since Private Browsing mode won’t leave a trace of passwords or other history information.
- Internet Explorer users can do the same by opening a new tab and selecting “Browse with InPrivate”.
- Temporarily Turn Off Auto-Complete – “Autocompletion” is when you start typing the first few letters of an account name in a window and the browser finishes the rest for you. You can temporarily turn the feature off in Firefox with the AutoComplete plugin and in Internet Explorer under Tools > Internet Options > Content > Autocomplete.
- You can also try downloading a separate browser just for other people to use. Firefox and Opera are free to download.
The private browsing modes of the browsers are also a good idea if you’re at an Internet cafe or are the person borrowing the laptop. If you’re especially paranoid about someone else seeing those “sites” you’ve been to, you can also turn off URL suggestions in Firefox.
Your Laptop Is Set…Well, Not Quite
Your laptop security extends way beyond the hard drive sitting in front of you. Much of your data is strewn across the web whether you like it or not, but you can take a few steps toward securing it as well. In Part 3 tomorrow I’ll go into securing your online presence and accounts; but before you move on, take a second look at the section on passwords. A good password goes a long way.
Continue with Part 3 of this series.
[photos by: FHKE (lego man), My Melting Brain (matrix code), Gwen’s River City Images (police kid and dog), deepwarren (hand to camera)]
Great advice, but File Vault on the Mac has serious problems. The biggest is that it won’t work at all with Time Machine. Time Machine won’t back up an encrypted directory when it’s mounted. So, to back up, you need to log out.
Or, to put it another way, the price of encrypting your data is that you can’t use the excellent back up app that also ships with the OS. It’s not very easy t
My solution is to create small encrypted disk images which I stick my files in on an ad hoc basis. This isn’t a very good solution and leaves, e.g. my Firefox cache open for all to see.
As to sharing, I have a guest account which I’ll switch into if I’m lending someone my laptop for a few mins for a quick email. When I flip over to that, I can stay logged in, but the other person has no access to my stuff (and all their cache is deleted when they log out… so nothing clutters up my hard drive).
Great advice on the separate account for sharing the laptop Richard – and I agree with you on FileVault. It needs a lot of work, personally I use TrueCrypt folders. Hopefully Apple will work on improving FileVault in upcoming versions of the OS, it’s a good start and something to include.
Still Windows doesn’t have encryption built in for all versions of Vista or 7…
Is that a common thing for US Customs to inspect contents of a hard drive?
I haven’t seen any reliable statistics on it but it does and has happened. Always a possibility and generally when they do they’ll ask you to boot the machine up if it’s in sleep or hibernate mode.
I did not realize the customs’ officers could request the passwords!! whoa!! Again- great information here.
It’s been an interesting legal battle in the US but so far passwords (at the border) aren’t protected by any privacy laws that I know of.
It’s hard to disagree with advice to encrypt files, but I do think it’s worth pointing out that most users have very little data that really, truly, needs to be encrypted, aside from passwords. Many people confuse “encryption” with simply storing things in a secure, password-protected location.
Rather than risking problems (and all encryption programs have their flaws and risks, however minor) it’s probably best for most users to just encrypt only those files that really need to be – and if you really don’t need it, just keep your vital data in a secure place.
Also, regarding letting others use your computer, as Richard points out a “Guest” account is the best solution, but to be REALLY vigilant about keeping “guests” from seeing any of your files, be SURE to log in yourself as a Guest and poke around – unless you’re keeping ALL of your stuff within a protected folder in your Home directory, it may be seen by Guests – I’ve seen this on other people’s computers I’ve borrowed – they install programs or keep files in their root folder, or in the Public (or even an unsecured) folder of their Home directory – not too hard for someone who knows where to look to find things.
Lastly, unless you’re at home/work on a secured network, do NOT share your computer to the network – you wouldn’t believe the fun I’ve had at conferences browsing through other people’s computers from my own because theirs is “shared” to the wireless network that the conference uses, without realizing it.
Good advice although since the effort to encrypt is low and the security trade off high, I think most people should encrypt. Agree with you on conferences, people share all kinds of stuff, not to mention at hotspots, cafes, and hostels.
Anil: I am presently using the built-in Keychain on my Mac for passwords. I have set it for a master password, and then have added a further level of security by not actually writing the passwords in each of the keychain items. Instead, I use a code. I have three different passwords, one for high security sites like banking, and two others for other, less important logins. I have a word that represents each password, say for instance, red, white, and blue (not the real words), and this is what I put in the password field. So even if someone gets my unlock password, they wouldn’t have access to any of my “real” passwords. I’d be interested to hear your thoughts on using Keychain.
Keychain is a good password manager – it encrypts the passwords on disk (but not the other information it stores from what I recall) and plays nicely with the Mac OS. The weakest point of the architecture is what applications you give access to your Keychain.
Thanks for this info – however I have a question about hard drive encryption. If these programs come with the operating systems and it’s a really good idea to enable them – then why isn’t this a default? Why do we need to go turn them on? What is the downside to encrypting your hard drive – are there any? Is it slower, or more passwords to remember? I figure that with most things there are advantages and disadvantages – so just wondering what they are.
When talking about full-disk encryption (where the entire hard drive is encrypted), only Windows really has it with BitLocker.
But in general with encryption you lose space (encrypted files are bigger), it slows down the disk ever so much, and if you forget your password or lose the key your data is gone. It would be difficult to encrypt hard drives from the factory using the operating system – then you’d either have to ship each one with a separate key and hope nobody loses it *heh* or ship them with a generic key that will get cracked in no time. Less liability and more secure to have individuals do the security side.