Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Tools for the paranoid: 5 free security tools to protect your data

Erez Zukerman | Feb. 4, 2013
Whether we work with trade secrets or just prefer to keep our stock trades secret, we all have data that's invaluable to us—and valuable to online evildoers. Here are five free tools for protecting passwords, browsing anonymously, and encrypting our most precious documents.

KeePass protects against keylogging with its AutoType feature, which saves you the trouble of manually typing individual website passwords. KeePass pastes them into the browser window using a combination of virtual keystrokes and clipboard obfuscation, making it all the more difficult for a keylogger to figure out what the password is. AutoType is sometimes finicky, but when it works, it's very useful. KeePass also lets you enter your master database password in a prompt protected by UAC (User Account Control), blocking any software keylogger that isn't running with administrator rights on your machine.

Get KeePass, and start using it right now. You'll thank yourself next time a major website breach vents thousands of usernames and passwords into cyberspace.

For your files: TrueCrypt


Let me guess: You use Dropbox. Or maybe SkyDrive, or Google Drive, or one of the numerous other cloud file-hosting services out there. These services are invaluable for synchronizing data across different computers and mobile devices or sharing it with others. But here's an interesting bit of trivia: Did you know some Dropbox employees can access your files? Granted, that they would do anything with your data is a far-fetched scenario, but why take the risk? The free utility TrueCrypt lets you effortlessly encrypt entire folders, so your cloud-synced data remains truly yours.

TrueCrypt works by creating virtual encrypted disks; this means that, as far as Dropbox can tell, a TrueCrypt-encrypted disk is just a blob of random binary data. However, when you mount that volume using TrueCrypt, you need only enter the correct password and a new drive shows up on your system. Every file you put into this drive is instantly encrypted, secure from prying eyes. As soon as you unmount the volume (eject the disk, so to speak), it becomes completely inaccessible.

TrueCrypt is very serious about security, to the point of providing plausibly deniable encryption. Let's say that some person or legal entity finds out you're keeping files inside a TrueCrypt volume, and has the power to compel you to give away your password. With a less serious security solution, this is game over: As soon as you give over your password, your data is forfeit.

TrueCrypt lets you get around this limitation by creating a hidden volume inside a TrueCrypt container. Enter one password to decrypt the volume, and you get one set of files (decoy files you put there in advance, which should seem believable enough to stand in for the contents of that volume). Enter a different password to decrypt that same volume, and suddenly you get an entirely different set of files, which are the real files you're trying to protect. In other words, whoever coerced you to give away your password now thinks they have whatever files you were hiding, when in fact they don't (but you can claim they do, and there's no way to detect that two-password trick). This sounds like a scenario lifted out of a William Gibson novel, but it's a great option to have, especially in a free tool.


Previous Page  1  2  3  4  5  Next Page 

Sign up for CIO Asia eNewsletters.