Computing with Bifocals - Protecting Your Files from Prying Eyes
by - April 14th, 2006

In my column from March 7th, I discussed the need to share your administrative password with at least one other person, particularly if information on your computer pertains to that person.  I cited the case of a couple and the problems that ensued when one died and the other could not access the family's financial and tax information.  I also explained how you can reset the administrative password, a process that the bad guys can use as easily as you, should they get hold of your computer.

In this column I am going to look at ways to protect sensitive information from being viewed even if an unauthorized person accesses your computer.

One way is to only save it to a CD, DVD, or thumb drive.  With a thumb drive you can save over previously saved information.  You can do that with some CDs, but it can be a real hassle to do.  Also, there is always the danger of failure, so you need to save two or more copies of everything.  You can lock up the stored information between uses.  It will be necessary to implement a secure empty trash (Finder > Secure Empty Trash) dump after each session to make sure you don't leave information there.

Note: A Secure Empty Trash procedure takes longer than a normal Empty Trash command because the space on your drive is being written over many times. Also, Secure Empty Trash will not distinguish between your thumb drive and your hard drive. It won't hurt to do a Secure Empty Trash on your hard drive, but again, it does take more time.

Another way is to use FileVault.  Before I discuss this though, I want to make clear that I don't personally recommend using it.  Apple technicians for whom I have great respect say that they see a lot of ancillary problems that result from the use of FileVault.  I never use it myself.

Nevertheless, it is an option.  FileVault was introduced with OS 10.3 (Panther) to allow you to add file encryption to your home folder.  It scrambles the information in your folder.  To activate the FileVault security select Apple Menu > System Preferences > Security.  When you turn on FileVault, you also set up a master password for the computer that you or another administrator can use if you forget your regular login password. If you are the administrator of the computer, and you can't remember the master password, the information in your home folder is lost forever.


FileVault Setup Pane
(Click the thumbnail for a larger image)

A third option is to encrypt specific files and folders.  Think of it as making a password-protected folder.

It is a fairly simple process.  The first step is to put the files you want to protect in a folder. 

Then open Disk Utility. (Applications > Utilities > Disk Utilities). 

Choose File  > New > Disk Image From Folder. 


Choose Disk Image From Folder and click on the
specific folder you want to save and click the Image button.
(Click the thumbnail for a larger image)

When the "New Image From Folder" pane opens enter the name you wish to assign to the folder and where you wish to store it.  Then select AES-128 from the Encryption menu.  When that is done, click the save button.


New Image From Folder Pane
(Click the thumbnail for a larger image)

Saving the document will prompt the final pane, the "Authenticate" pane to open.  At this point you enter and verify a password.  For true security, deselect the "Remember password in Keychain" box.  If your password is part of your keychain record, anyone with administrator power can get to it. 

Last, but not least, write down your password somewhere!


Authenticate Pane
(Click the thumbnail for a larger image)

I hope one of these ways will help meet your needs to make your important information secure.