[PCWorld]

Post your comments for Tools for the paranoid: 5 free security tools to protect your data here

[MKZ1945]

Very good article for just about anyone that has a computer and accesses the internet. Some can also be used for hand-held devices out there.

I have been using KeePass for several years. As you sated, one can store a lot of personal information in the encrypted database other than just passwords. I’ve have close to 30 passwords I need to use, some for internet sites and some for software I use almost daily. I also have registration numbers, other people’s personal information that they don’t want the world to know, and much more, and the file size is still less than 100 kilobytes. I don’t bother with the AutoType feature. I just cut and past between KeePass and the window I’m inputting to. It’s actually a little safer than AutoType in bypassing a keylogger.

If I was to add anything to this article I would suggest changing your passwords on a frequent basis for those programs or internet sites that might be problematic if another entity was to gain access. For those that would be a significant security issue I change almost weekly and others I change about quarterly. I would also suggest doing the same for the password you use in KeePass, or whatever password manager you use. My KeePass password changes on the same frequency as the most frequent change in password I changed within the database.

I have had to use encryption for several years when transferring files back and forth between clients, so I rely on that to keep my data files secure, even in my personal world. TrueCrypt is a very good option and it’s simple enough for most computer users. Of course, KeePass plays a big part in this process also. Encrypting files and folders and having weak passwords is a waste of time. Also, if you use encryption and forget the password, you probably wasted more than just your time. Even with encryption I have my limits regarding what I’m willing to store on a cloud drive. Some stuff I don’t even store on my computer for any longer than it takes to put on a thumb drive. This includes my KeePass file. And here’s another tip. Get a file shredder. Deleting files with the default mode in Windows, even if you empty the recycle bin, does not eliminate the file to a determined hacker.

A little security does go a long way, but so does a little common sense. Insure you have the latest update for your operating system and your security software. One thing I’m seeing with Windows security suit is that the virus definition updates for defender can be sitting around waiting for a scheduled update instead of being installed when the update is available. I’ve seldom seen this to be the case with Norton that I have on my other two computers. I’m not pushing Norton here, since it does not seem to play well with the 64 bit version of Windows 8 that I have on my main computer. I check this on a daily bases and you would be surprised how many times you’ll be manually updating defender. Additionally, many people visit websites that are known to be high risks for getting viruses, among these being a large share of the porn sites and some of the dating sites. Nothing is foolproof, but you can spend a lot of money on defense and still open up holes for offense to get through.

[preilly2]

Very useful article with good tips. I especially like the emphasis on freeware, and KeePass seems like the most useful utility for most of us. But with all the real data breaches and compromises going on, calling concerned users 'paranoid' is a little misplaced. 'Sensible' would be more like it.

[mdseuss]

Great article and very useful tools. I would also strongly suggest that LastPass is a great hosted alternative to KeePass. For Windows, Mac, and Linux their excellent browser plugins and tools are free. If you want their smartphone apps, it is $12/year.

I use LastPass primarily on my Ubuntu workstations and for one client on my Windows 7 workstation. All encryption/decryption is done local to your machine, they don't see any unencrypted data.

As a bonus, LastPass also supports Google 2-factor authentication. That sealed the deal for me.

[databaseben]

"whoever coerced you to give away your password now thinks they have whatever files you were hiding"

if there are people experiencing paranoia and coercion, its probably time to leave the country !!

[MKZ1945]

Quote

databaseben
"whoever coerced you to give away your password now thinks they have whatever files you were hiding" if there are people experiencing paranoia and coercion, its probably time to leave the country !!

Where do you suggest these people go and still be able to use a computer? China maybe? How about Russia or Iran? That “www.” in the header of web addresses means WORLD WIDE WEB. I agree that anything can be taken to extremes and sometimes that, in itself, can lead to security issues, but attacks from people and organizations that are trying to get into bank accounts or whatever else they are after have little to do with where one resides and everything to do with how you use the internet and lack of common sense. I hope that most people who have read this article got more out of it then you did.

[BearPup]

The other approach, which I follow, is to never put anything on the web (cloud or otherwise) that I wouldn't care if anybody knows. I don't have clients (I'm retired), I don't bank online, I don't shop online, and I don't do social networks / sites, etc., etc., etc. .

Sure, I comment on sites like this, and answer posts in online forums, but I'm no more concerned about that than I would be if someone overheard me in the local coffee shop. Nothing to hide, nothing to lose. And I don't feel isolated or deprived either.

I just feel safe.

[T3CHT3CH]

Overall a very informative article! With so many new applications being developed and pushed onto us, it's good to let people know that there is a plethora of free-ware out there that works just as good-if not better-than a lot of the pricey competitors.

I have been using KeePass for almost two years and I would be lost without it, it is literally a life saver in the sense that if an attacker gains access of your passwords, they could ultimately destroy your life! Keep up the great articles PCWorld!

KeePass also has a portable version so you can keep your passwords etc... on a thumb drive. If you use several different computers, this is very convenient!

[JohnCohen]

I think the #1 thing to remember about passwords is to use a different one on each site. With so many companies getting hacked, it's almost inevitable that your password would be hacked at some pooint. So to minimize the damage, use different passwords for every site so that only one site is comppromised.

I prefer RoboForm over both KeePass and Lastpass. They have an option to keep my information on my computer or sync it with the cloud. It doesn't require that you chose one option or the other.

[jeanjackie]

In this day and age, wear the "paranoid" badge proudly!

[k1rked]

Thanks for the article. I'm new to all these tools, but it has been fun to try them out. I've been using TrueCrypt to store my KeePass file for two weeks now and what I've found is that it is rather cumbersome. What I think is causing my annoyance is how long it takes me to get into KeePass when I first sit down at a computer (going through the process of mounting the file, and entering in lengthy passwords). I wonder if I could use keyfiles and simpler passwords to speed up that process and if anyone would have advice on that subject? Ideally, I'd like a secure way to sit down at my computer and have my stored passwords available instantly.

[Dzebruk]

Quote

Thanks for the article. I'm new to all these tools, but it has been fun to try them out. I've been using TrueCrypt to store my KeePass file for two weeks now and what I've found is that it is rather cumbersome. What I think is causing my annoyance is how long it takes me to get into KeePass when I first sit down at a computer (going through the process of mounting the file, and entering in lengthy passwords). I wonder if I could use keyfiles and simpler passwords to speed up that process and if anyone would have advice on that subject? Ideally, I'd like a secure way to sit down at my computer and have my stored passwords available instantly.

Ubuntu 12.04 - all your files can be encrypted and you only need a PW to open (no selecting a file, then mounting etc) (or)
Keep your PW program on a thumb drive.

[mail2ri]

Have been using TrueCrypt and can vouch for its efficient performance. However, Tor disappointed in its slower speeds in loading web pages. It uses the Firefox 10 engine and should have been intuitive, but isn't. For secure browsing, I prefer using any of the popular browsers in private mode instead.

[ByteMyAscii]

MKZ1945 said:

I just cut and past between KeePass and the window I’m inputting to. It’s actually a little safer than AutoType in bypassing a keylogger.

Any half-decent keylogger would monitor the clipboard, and is far easier than trying to deal with application specific counters.
So no, that is not more secure.

[ByteMyAscii]

mail2ri said:

Have been using TrueCrypt and can vouch for its efficient performance. However, Tor disappointed in its slower speeds in loading web pages. It uses the Firefox 10 engine and should have been intuitive, but isn't. For secure browsing, I prefer using any of the popular browsers in private mode instead.

Private mode is not any more secure, only it minimising the traces left behind.
Not saving history or passwords entered in that session for example.
All it does is hide the history of that browsing session.

[deepsand]

MKZ1945 said:

I don’t bother with the AutoType feature. I just cut and past between KeePass and the window I’m inputting to. It’s actually a little safer than AutoType in bypassing a keylogger.

No decent keylogger will be defeated by your method, as it will intercept copy/paste operations.