Reliable Encryption for the Rest of Us

Privacy Watch
Though encryption is a strong way to safeguard passwords, personal information, and other sensitive data, it can be confusing due to the acronyms and technobabble that surround the topic.

Many encryption utilities--such as the BitLocker feature in Windows 7 Ultimate, or the Rohos Mini Drive utility for protecting info on a thumb drive--are available. But my favorite tool covers all the bases: It's free, it's easy, it's effective, and it works on all major operating systems. TrueCrypt lets you create virtual encrypted drives. Versions are available for Windows, Mac OS X, and Linux; if you install it on several machines running different OSs, you can open your encrypted files from a network share, thumb drive, or other shared storage device.

The tool has plenty of advanced options, but the simplest approach--and the one I use--is to create an encrypted file protected by a strong password. When you open your TrueCrypt file, it acts as an additional hard drive with its own drive letter. You can interact with that virtual drive the same way that you might with any storage device: You open, save, drag, and drop files to and from the data store. TrueCrypt handles all the encryption and decryption in the background. When you close the encrypted file, the data is protected until you give the password to open it up once more.

Creating Your Data Safe

First, download TrueCrypt. Install it, fire it up, and click Create Volume to build and name your virtual encrypted drive.

Stick with the default 'Create an encrypted file container' and 'Standard TrueCrypt volume' options, and then choose a name and location for your data store. For its name, you'll need to manually enter the .tc file extension that TrueCrypt uses.

Stay with the default AES (Advanced Encryption Standard) selection; AES is approved for use with top-secret government data. When TrueCrypt prompts for a volume size, choose an amount big enough to hold any files you plan to encrypt.

Next comes setting the password, perhaps the most important step. Create a good, strong password; don't just reuse the same one you're probably using for Webmail and everything else. You'll also need to write it down somewhere safe--TrueCrypt has no password-recovery option, as that could provide a means for breaking in. Lose the password, and your data is likewise lost.

Stick with FAT for the file system type, for maximum portability. Move your mouse around to generate randomness for the encryption--you'll see the encryption key changing next to the 'Random Pool' header--and click Format.

Safety Options

Your encrypted virtual drive should now appear in the location you specified. If you double-click that file (or click Mount in TrueCrypt and select it), your data store will open at the drive letter you choose. At this point, you can add the files you'd like to encrypt.

When you're finished adding files, click Dismount. Under Settings, Preferences you can also specify 'Auto-dismount volume after no data has been read/written to it for XX minutes', so if you forget about TrueCrypt, it will automatically close and encrypt your file.

As with any important chunk of data, you should also back up your TrueCrypt file in case of hard-drive failure. After saving the backup to a thumb drive or other shared media device, you can restore your encrypted files on a new computer as long as you have installed TrueCrypt on it.
