Deprecated: Assigning the return value of new by reference is deprecated in /nfs/c03/h03/mnt/52932/domains/retiredblog.gkaindl.com/html/wordpress/wp-settings.php on line 472

Deprecated: Assigning the return value of new by reference is deprecated in /nfs/c03/h03/mnt/52932/domains/retiredblog.gkaindl.com/html/wordpress/wp-settings.php on line 487

Deprecated: Assigning the return value of new by reference is deprecated in /nfs/c03/h03/mnt/52932/domains/retiredblog.gkaindl.com/html/wordpress/wp-settings.php on line 494

Deprecated: Assigning the return value of new by reference is deprecated in /nfs/c03/h03/mnt/52932/domains/retiredblog.gkaindl.com/html/wordpress/wp-settings.php on line 530

Deprecated: Assigning the return value of new by reference is deprecated in /nfs/c03/h03/mnt/52932/domains/retiredblog.gkaindl.com/html/wordpress/wp-includes/cache.php on line 103

Deprecated: Assigning the return value of new by reference is deprecated in /nfs/c03/h03/mnt/52932/domains/retiredblog.gkaindl.com/html/wordpress/wp-includes/query.php on line 21

Deprecated: Assigning the return value of new by reference is deprecated in /nfs/c03/h03/mnt/52932/domains/retiredblog.gkaindl.com/html/wordpress/wp-includes/theme.php on line 623
blog.gkaindl.com » Mac Tip: Encrypted Storage

blog.gkaindl.com

nerd nouveau

Mac Tip: Encrypted Storage

There’s a list of 10 free ways to store passwords securely on Lifehacker today. However, they’ve left out one very simple while extremely flexible method for Mac users that I’ve been relying on for quite some time.

For most passwords, the MacOS X keychain is a great solution, since .mac users can even sync it among various computers (such as a laptop and desktop Mac) and it’s really implemented in a “set-and-forget” manner. The keychain is integrated with Safari, for example, so all my web passwords are securely stored there and get auto-filled if I want to log in to a site again. This also works in most other Mac browsers, save for Firefox, which comes with its own password storage.

Then again, having all the passwords in one human-readable place for quick reference is a great thing as well. And it’s extremely simple with encrypted disk images. Here’s how to do it:

  1. Open “Disk Utility” (it’s in the “Utilities” subfolder of your “Applications” folder).
  2. Click the “New Image” button.
  3. Leave the default settings (or change them if you want), but set “Encryption” to “AES-128″.
  4. Save the new disk image.
  5. Disk Utility will now ask you for a password. This is the one password that will protect all your others, so choose it wisely. It shouldn’t be too easy to guess, but you should also be able to remember it!
  6. Before you click “OK”, make sure that “Remember password (add to Keychain)” is checked (also see below).
  7. Congratulations, you now have an encrypted, writable disk image!

To use this disk image now, just double-click it to mount it in the Finder. It shows up as a new volume. You can put whatever data you want onto the disk image, for example, other than storing your passwords in a text file there, you can also store your bank information, credit card details or incriminating photos.

Once you are done, make sure to “eject” the disk image. If you want to access your data again, just double-click the disk image. It will open without prompting you for a password. This is because you have (securely) stored the disk image password in the keychain, but you have also remembered it in case your keychain might get corrupted. Thusly, the disk image can be used to back up the passwords that are usually stored in the keychain safely, without having to enter the master password manually all the time. Also, 128bit AES is a strong encryption algorithm elected to be the new standard for symmetrical data encryption, succeeding DES. This means that your disk image is safe from unauthorized access. Sweet!

Note that everybody logged in with your current user account can open the disk image without being prompted for the password. If you have set your Mac to automatically log you in after a reboot, or if you do not require to enter your password again after waking your computer from sleep, I’d suggest not saving the disk image password in the keychain (just uncheck the box in the “Enter Password” prompt in Disk Utility while creating the image). Since anybody being able to physically access your Mac could easily circumvent the protection, using the encrypted disk image would be pointless in this case.

However, for those of us who require a password when rebooting or waking the Mac from sleep, this is a very easy and flexible way to secure sensitive data in an easy (and free) way.

1 Comment

Comments are closed | Comments RSS

  1. Deprecated: Function ereg() is deprecated in /nfs/c03/h03/mnt/52932/domains/retiredblog.gkaindl.com/html/wordpress/wp-content/plugins/google-analyticator/google-analyticator.php on line 445
    Geek Squad technician stealing porn from our hard drive! « Business and Consumer Alert
    wrote on Oct 17, 2007 at 6:01

    [...] advise encrypting sensitive files in advance with a program like TrueCrypt (WIN) or making an encrypted disk image (MAC, be sure to skip step 6). Or, keep it all on an external hard drive and/or zip all the files [...]

About

Hi, how are you? My name is Georg Kaindl, and I'm a twenty-something from Vienna, Austria. During the day, I'm a CS student at the Vienna University of Technology, but at night, I turn into an independent software developer for the Macintosh platform, social nerd, lazy entrepreneur and intuitive researcher.

I like to write about everything that matters to considerate technology enthusiasts, but humbly retain the right to go off-topic from time to time.

My posts are licensed under a Creative Commons Attribution 3.0 License.

Contact

You can reach me by email if you have something to say that's not related to a blog post or that you don't want to have publicly available as a comment to a post.

However, you'll have to prove that you are human! Even though I personally like robots very much, I'm less of fan of SPAM. It's just a simple riddle to solve, but a SPAM bot won't cut it!

To get my email address, take the word before the .com in my domain name first (Hint: The word you are looking for starts with a "g" and ends with an "l"). Next, simply attach @mac.com to this word.

Boom, there's my email address. Simple, isn't it?

Powered by WordPress

Comments RSS

Entries RSS