Advice re File Security

That’s a great idea… as long as the drive is encrypted! I’d hate for someone to reach in his truck and walk off with it, plug it in, and have full access to all his files.

Several years ago, DDS tapes with data not useful to anyone else.

Two things come to mind.

You should set a firmware password on your MBP if you haven’t already.

You should consider redacting part of the passwords you store in plaintext such as in Obsidian. In fact, that is the only way I have ever used 1Password, also.

Say your go-to password is august20. Store it as a..0. Something only you will know.

Or, say you generate a password: $X8Tg8z6N4WtLW@#?&e!@mp#HG. Prefix august to it and store a..$X8Tg8z6N4WtLW@#?&e!@mp#HG.

You don’t give yourself enough credit :slight_smile:

Perhaps but compared to some of the expertise in this forum I’m a mere MPU Jr. :wink:

I don’t want or need to turn this into a thread pro/con subscription, but in light of all the additional work that you’re looking at for a system which is much more difficult to maintain and (as others have said) likely to not be as secure as 1Password is, do you think that such a system is a good trade-off between your time and security vs the subscription cost?

Do you own 1Password 7 outright now (i.e. non subscription)? If so, you should be able to continue to use that for several years (I’d assume 2-3 at minimum). They just released an update to it this week, and it works fine on Monterey. So… is there a need to create a new system now, or would it be better to keep using 1Password 7 without a subscription, and put your time & energy towards something else. By the time it stops working, there may be another solution that does not exist today.

Now that I’ve said all of that… I also want to offer a few suggestions:

  1. For the love of all that is good and holy, do not store passwords in a regular document on iCloud or in Obsidian or anywhere else. Just. Please. Do not.

  2. You could also store an encrypted DMG on your Mac or in iCloud/Backblaze. These can be made for free, or you can use DropDMG ($25, one-time purchase) to help you make them. Think of an encrypted DMG as a folder on your Mac which can be password protected on your Mac, and is only decrypted locally. Store its password securely, and I’d say that it is as secure as any other option available to you.

  3. Personally, I would not trust PDF passwords to secure anything of value. There are too many tools out there and PDFs are too common of a target.

4 Likes

It‘s been a while since I last checked (I think the last time I used encrypted DMGs was on my PoweBook G4, back when FileVault 1 aka FileFault was still in place), but one advantage of TrueCrypt/VeraCrypt images has been that when you change only a small amount of data, most of your data blocks will remain completely unchanged in the image.

Thus, sync engines like the one from DropBox (—> probably any modern sync engine) could easily update your image file in seconds after you added a few PDFs, even if the entire image is worth 50 GB.

I would guess that‘s also true when backing up using Backblaze.

Really no idea if encrypted DMGs maybe work the same way, but that‘s something I would certainly check deciding on a solution.

Yes, you can make DMGs like this as well. I believe they’re called sparse bundles in that case.

3 Likes

Thanks for this information. What is the advantage of something like this over storing copies and backups of my files on encrypted external disks?

@JohnAtl this worked perfectly on my external drive at work but my external drive at home is not showing the option of encrypt the drive. Any ideas?

Screen Shot 2021-08-21 at 9.13.42 AM

I’m beginning to conclude that you are right. I’ve been experimenting with relying on Keychain and other means to secure both passwords and other documents. It’s a pain compared to 1P. 1P may well be one of the apps worth the subscription.

At $36/year for personal use, it is probably worth it. I may off set that by cancelling my MindNode subscription. I love MindNode but I can make do with using Omnioutliner or another one time purchase mind mapping application.

My initial thought is that it’s probably formatted differently. Perhaps it is formatted with a more Windows friendly format like ExFat.
You can reformat it using Disk Utility. Note that everything on the drive will be erased. You’ll want to use APFS unless you need to use the drive on older Macs too. While you’re at it, you could just format it as APFS Encrypted - two birds, one format.

These instructions from Seagate will work for any drive.
https://www.seagate.com/support/kb/how-to-format-your-drive-apfs-on-macos-big-sur-and-later/

I would not trust PDF security either. As others have said, there are lots of tools to get around this.

A spreadsheet of sensitive data in iCloud is also not a good idea. All someone would need is the password to your laptop or mobile device and they could potentially access all your online services.

Thanks John, that worked! I’m now more secure.

1 Like

Thanks everyone for the great advice; because of you I am now much more secure.

  1. Any “secured” PDFs are now stored in an encrypted drive and/or an encrypted DT database which is also stored in an encrypted drive. The PDF password is just one additional layer.
  2. I have now encrypted both external drives.
  3. My backups are as I mentioned earlier.
  4. I’m going to experiment with Keychain a bit longer after Monterey is released but I believe 1PW is going to be better and worth the subscription–it is just easier to store anything I want to secure.
  5. The spreadsheet of PWs is now stored in an encrypted DT database, which is also stored on my MBP, which is also encrypted. I may just delete it.

One “last” question. Is it normal for Time Machine not to show file size? I just finished the backup on the newly encrypted external drive and I just want to make sure everything is good.

Thanks again!

Mostly the fact that you don’t need an external drive, and these can be put on cloud services like iCloud/Dropbox or online backups like Backblaze.¹

You can also make different ones for different things, if you want. You could make one for Taxes, you could make another for secret plans to take over the world, and a third for the draft of your novel…

Or you could put all of them into one big one.

¹ IIRC - some backup services, and maybe Backblaze is one of them, might not backup DMGs by default, but you can change that. I always do.

1 Like

Thanks, I’ll give this a thorough look!

I apologize for another question but I value the advice. How do I make sure that Time Machine is backing up not only my Mac hard drive but also all of the documents in iCloud? Nearly all of my documents are in iCloud. Is this already being done?

Essentially, I’l like to have everything in the screenshot below backed up to my two, newly encrypted, external hard drives.

Screen Shot 2021-08-21 at 2.35.20 PM

When I go into Time Machine on my Mac I don’t see a way to select to backup the files in the iCloud Drive.

There’s a chance this could be read as snarky, but it’s absolutely not intended that way: You make sure in the same way that you make sure anything is being backed up; you test a restore. That’s an incredibly important aspect of a backup program that is very, very often overlooked.

2 Likes

You don’t have to worry about me taking offense. I’m very easy going and have enough faults of my own that if I encountered snark I probably deserve it! :grinning:I’ve leaned over the years to maintain alligator skin and a tender heart–at least I try!

I understand I can test restore but does Time Machine automatically select to backup my hard drive AND does that include my iCloud folders and files that show up on the Mac under iCloud? That is probably a dumb question but unlike some programs, Time Machine doesn’t seem to offer the option to select folders/files for backup.

1 Like