Thursday, September 15, 2011

Secure Document Sharing / Storage

With all of the 9/11 coverage this past weekend and all the stories from family members who lost loved ones, that reminded me I've been meaning to make sure my wifey has access to all of our online accounts for bills, credit cards, retirement accounts, home/life insurance, etc.

The dilemma is how to securely do that.  I believe Dave Ramsey tells you to write down all the accounts and store it with a safe deposit box at your bank.  That is a good idea and that is secure, but if you have accounts that require quarterly password changes, that would require a few trips to the bank.  I also just came across this article with a few horror stories of banks actually seizing safe deposit boxes, but that is probably rare.

You could keep them in password protected files on your personal computer, but in reality files with passwords on them, like Microsoft Word documents, are easily crackable with free programs on the internet.  And if your PC crashes, or is stolen, you either lose the file or someone else has access to all of your personal accounts all in one nicely organized spot.

I did a search for encrypted file storage and found a blog post from a guy who combined two products.  He utilized a free Open Source program called TrueCrypt, which does highly secure file/volume encryption.  In addition, he utilizes DropBox for syncing that volume a free online storage account.

I tried the TrueCrypt/DropBox combo and it works really well.  You first install TrueCrypt, go through their easy tutorial on creating a secure volume and then mount it up.  I did mine very small, so that it would transfer quicker to DropBox and also because it only needs to store 1 or 2 small files.  Once your secure/encrypted volume is mounted, you can place your Word/text document(s) in that folder and then unmount the volume/folder.

At that point, you have a file somewhere on your computer called whatever you named it that appears like it's just a single file.  If you double click on the file it will not open, you would have to open TrueCrypt and mount the file as a volume/folder and of course, enter your secure password.  They recommend a password or phrase of 20 characters or more, which is what I did.  It's much more secure that way.

Then you go to the DropBox website to sign-up and install the DropBox app.  When you sign-up for DropBox you get 2GB of free storage and if you sign-up through the link above, you and I both get an additional 250MB.  Also, when you sign-up, you just give your name and email and then you will be prompted to download the installer, so be sure to sign-up on your home PC that you utilize most often.  Definitely a very cool product. 

Then once you have it installed, you add your 'file' to the list of items DropBox will sync to your online account and you're good to go!  You can either share that file out to other people or they can login to your account.  Once they have access to the 'file' they can download the file, open up TrueCrypt, mount the file up and access the document(s) after they provide the password to open it up.

By default, TrueCrypt will maintain the modify date so that it doesn't look like your file has been updated recently.  In order to get DropBox to notice a change, you have to do the following:

1. Run TrueCrypt
2. Choose "Settings" from the menu
3. Choose "Preferences"
4. Under the "Window" heading (4th one down)
5. Uncheck "Preserve timestamps of file containers"
6. Click Ok
7. Done

If you leave DropBox running on your PC, anytime you mount up the file/volume on your PC, change the documents in it and then close it back up, DropBox will automatically sync the file to your online account, so that it's always up to date.   Since I don't anticipate making a whole lot of changes once I have all of the relevant info in the file(s), I do not leave DropBox running at all times. 

All in all, it's a really slick little free solution to securely share documents/files.  I tested it out with my tech-savvy wife and she was able to grasp the concept with no major issues.  She just needs to remember the password.  I'll have her access the file at least once a month to be sure the process is fresh in her mind, so that it becomes second nature.

Do you currently have a method to securely store sensitive data and/or backup critical files online?  Do you have other methods for doing something similar?  Definitely drop me a comment and let me know!


Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes