In a recent article, we wrote on the subject of Password Security. We advocated creating a secure vault to store your passwords. As a recent article by CNET news indicates, sometimes you can take password security too far.
When William Talcot, a prominent poet, died in June…his daughter couldn’t notify most of his contacts because his email account and online address book were password protected. It is a not uncommon problem. As more and more information is kept on computer and on websites, the danger that in the event of an emergency or death this information will be inaccessible to loved ones is increasing.

Now, savvy attorneys are advising their clients to put passwords to things online into estate documents, and what they want to do with their electronic resources. The provisions governing the release of information from online providers in the event of death are not consistent amongst companies, and often require court intervention.

Our advice for safety in the event of death is as follows: We advised that passwords can be stored in a password vault program…our example is KeePass. KeePass uses one master file for your passwords. We recommend a copy of your password vault with the master password by placed with your estate files. Consider perhaps a safety deposit box for it. We recommend considering a bank safety deposit box as a backup site for a set of your backup media, updated periodically.

The important thing to remember, that in the event of your death or incapacitation, you need some provision for allowing a loved one to access your information to follow your instructions. You have to find the solution that works for you. It isn’t pleasant to think about, but we tend to find that the solution that requires the least amount of work to set up and maintain is the one you are most likely to follow through on.

Putting all your eggs in one basket is not a good idea. Keeping all your critical data on an item you keep on your person at all times, a USB drive, ensures that it is protected. However, it also means that your data is moving around and thus increases the number of places you could be parted from it.

Now, your USB drive may include a security program for encryption. If it does not, or you wish to use a program that will work on any drive and not just on the drive you purchased, try TrueCrypt. TrueCrypt creates a virtual encrypted disk within a file and mounts it as a disk. TrueCrypt can run in Traveller Mode, which allows it to not be installed on the Operating System. You will need administrative privileges in order to run it that way and records of the mount may be left on the computer, although the data will be secure.

For portable versions of various popular applications, visit Portableapps.com. It includes portable versions of the Firefox Web Browser and the Thunderbird Email Client, as well as an IM client, a portable version of OpenOffice, and so on. Our ideal portable applicatiion USB drive contains Openoffice, Firefox, Thunderbird, TrueCrypt, KeePass(which we mentioned in a previous post), and Miranda IM Portable. Our data USB drive contains KeePass, TrueCrypt, and our secure data.
In a future post, we will discuss how to install a bootable operating system on your USB drive, if you wish to go a step further in mobile security.
Just remember when using a USB drive with portable applications that they can spread viruses and malicious code in between computers. Scan your USB drive for viruses on a regular basis, especially when it has been in strange computers. Also, back up your USB files regularly to ensure your protection.

In our next security piece, we’ll discuss strategies for backing up your data.

In last weeks post on Laptop Security, we explored some of the special issues of keeping your laptop secure, many of which also apply to desktops. Now, there are many commercial products to assist you in that, but we will generally focus on the free and open-source ones. Remember, free does not mean bad. The open-source community has produced a great deal of quality software.

Now, we turn to the issue of password security. A few bits of common sense advice:

1. Do not base your password on a dictionary word. Brute force attacks on passwords use dictionaries.
2. If possible, combine letters and numbers, even better, non-alphanumberic characters, ie ! $ % etc.
3. Vary the case of letters. Remember, FoUr is a different password than four or Four.
4. Passphrases can be a good idea with sites that do not limit the length of your password. If ones do, try a passphrase as a mneumonic. For example, turn The Quick Brown Fox Jumped Over the Lazy Dog into TqBfJoTlD – hard to break, but easy to assemble when you log in. Note the varying case.
5. Change your password regularly.

Now, that requires a lot of work. So, try some software assistance. While several commercial software packages allow for password vaults, we offer this nice free one, KeePass. KeePass is a password manager that stores all passwords in one database locked with a master key/password or key disk. A key disk can be stored on a USB drive, a floppy disk, etc. Just remember to take a copy of it and store it in your safety deposit box, a fire-proof safe, or with a loved one, in case of unexpected loss.

KeePass is a Windows program, but doesn’t store any information in the Windows registry. Thus it will work on older versions and newer versions of Windows and will continue to be updated. It can auto-type into web browsers and other programs. It is extensible with plugins and very configurable.

Look forward to our next part in this continuing series of securing your computer use, when we will discuss more secure tools you can store on your USB key-disk, and more about USB jumpdrives in general.