Putting all your eggs in one basket is not a good idea. Keeping all your critical data on an item you keep on your person at all times, a USB drive, ensures that it is protected. However, it also means that your data is moving around and thus increases the number of places you could be parted from it.

Now, your USB drive may include a security program for encryption. If it does not, or you wish to use a program that will work on any drive and not just on the drive you purchased, try TrueCrypt. TrueCrypt creates a virtual encrypted disk within a file and mounts it as a disk. TrueCrypt can run in Traveller Mode, which allows it to not be installed on the Operating System. You will need administrative privileges in order to run it that way and records of the mount may be left on the computer, although the data will be secure.

For portable versions of various popular applications, visit Portableapps.com. It includes portable versions of the Firefox Web Browser and the Thunderbird Email Client, as well as an IM client, a portable version of OpenOffice, and so on. Our ideal portable applicatiion USB drive contains Openoffice, Firefox, Thunderbird, TrueCrypt, KeePass(which we mentioned in a previous post), and Miranda IM Portable. Our data USB drive contains KeePass, TrueCrypt, and our secure data.
In a future post, we will discuss how to install a bootable operating system on your USB drive, if you wish to go a step further in mobile security.
Just remember when using a USB drive with portable applications that they can spread viruses and malicious code in between computers. Scan your USB drive for viruses on a regular basis, especially when it has been in strange computers. Also, back up your USB files regularly to ensure your protection.

In our next security piece, we’ll discuss strategies for backing up your data.

In last weeks post on Laptop Security, we explored some of the special issues of keeping your laptop secure, many of which also apply to desktops. Now, there are many commercial products to assist you in that, but we will generally focus on the free and open-source ones. Remember, free does not mean bad. The open-source community has produced a great deal of quality software.

Now, we turn to the issue of password security. A few bits of common sense advice:

1. Do not base your password on a dictionary word. Brute force attacks on passwords use dictionaries.
2. If possible, combine letters and numbers, even better, non-alphanumberic characters, ie ! $ % etc.
3. Vary the case of letters. Remember, FoUr is a different password than four or Four.
4. Passphrases can be a good idea with sites that do not limit the length of your password. If ones do, try a passphrase as a mneumonic. For example, turn The Quick Brown Fox Jumped Over the Lazy Dog into TqBfJoTlD – hard to break, but easy to assemble when you log in. Note the varying case.
5. Change your password regularly.

Now, that requires a lot of work. So, try some software assistance. While several commercial software packages allow for password vaults, we offer this nice free one, KeePass. KeePass is a password manager that stores all passwords in one database locked with a master key/password or key disk. A key disk can be stored on a USB drive, a floppy disk, etc. Just remember to take a copy of it and store it in your safety deposit box, a fire-proof safe, or with a loved one, in case of unexpected loss.

KeePass is a Windows program, but doesn’t store any information in the Windows registry. Thus it will work on older versions and newer versions of Windows and will continue to be updated. It can auto-type into web browsers and other programs. It is extensible with plugins and very configurable.

Look forward to our next part in this continuing series of securing your computer use, when we will discuss more secure tools you can store on your USB key-disk, and more about USB jumpdrives in general.