Everyday Encryption

Following the suggestions for password management posted recently, I thought I would also share my preferences for personal data encryption.

Years ago, at least for me, using PGP or one of the proprietary security suites to protect data on a hard drive was far too onerous. I would usually give up shortly after installing the software due to the number of steps required to encrypt/decrypt data, the speed of the processing, or some other user interface issue. As a result, I would revert to “security by obscurity” – hiding folders, placing documents inside zip files, etc.

The good news is that encryption solutions have come a long way. If you are trying to go paperless – or even if you just store copies of your tax returns as PDFs – then you have no reason to avoid them any longer. My preferred solution is a popular one: TrueCrypt.

TrueCrypt software is available for Windows, Mac, and Linux and has more features than you would want to read about here – the best of which is creating “secure containers” for files you want to protect. The best part is that it’s free (though a donation is money well spent). In short, once you create a file container, you “mount” it as if it were a separate hard drive on your system, and simply copy files in and out. When you un-mount the container, your files are protected by the level of encryption you initially selected during setup, which can be incredibly secure – incorporating multiple passes and multiple encryption methods, if desired. TrueCrypt can also protect entire drives, but unless you have huge amounts of data to store, this is not necessary.

Speaking of whole-drive encryption, you may have heard of solutions offered by your operating system – like BitLocker / EFS (Windows), or the Disk Utility in Mac OS X. While these solutions can be used to protect your entire hard drive (or portions), I find them more likely to cause problems for the casual user. Unless you need to secure every single file on your system, having one or more TrueCrypt containers makes more sense. You can easily back up a container as if it were a file (because in encrypted form, it is), which makes it easy to keep secure copies on cloud services or removable media. If you back up files from an encrypted drive to an unencrypted drive, they are no longer protected. Of course, you have to actually USE the TrueCrypt software for it to be effective, which is one argument for whole-disk solutions.

As an aside, if you need an extremely lightweight solution for just a few files, then definitely check out AESCrypt. It does little more than encrypt or decrypt, one operation at a time – but it is free, open-source, and very secure.

Finally, don’t just take my word for it. Do some reading and decide for yourself! Here is an article to get you started: LifeHacker “Five Best File Encryption Tools”