Help Me Secure my USB Drive
January 8, 2009 11:20 AM   Subscribe

I have a shiny new 4 GB USB drive, and I want to secure the information on it (bank info, passwords, etc). What's the best (free) way to do this?

rushmc asked this question 4 years ago, but that was a very long time ago. I need for the solution to be limited to the usb stick only - I will be using it in multiple environments where I do not have admin rights to the machines I am using.
posted by Irontom to Computers & Internet (10 answers total) 14 users marked this as a favorite
KeyPass is awesome for this kind of thing.
posted by brian60640 at 11:27 AM on January 8, 2009


Available standalone or bundled with lots of other useful free Portable Apps.
posted by notyou at 11:28 AM on January 8, 2009

Truecrypt is a great tool for that specific task.
posted by Amby72 at 11:28 AM on January 8, 2009 [1 favorite]

Truecrypt would be the perfect solution, however it requires admin rights to either install or run directly from the USB drive. Keepass would be the next logical choice.
posted by phrayzee at 11:49 AM on January 8, 2009

Keepass is only for passwords. If you have a file you need to encrypt in a pinch and need it to be cross-platform then just make a zip archive and password protect it. XP zip, winzip, pkzip, etc all can handle encrypted zip files. Choose a strong 8 character password. This isnt a very secure solution, but I find it deters non-sophisticated users.

For a bit more security, you can instead install the 7-zip portable app and use that for encryption and decryption. Its a lot more secure than the tradition zip implementation. Use the .7z format. It uses AES for encryption and supports longer than 8 character password. This means that you will need 7-zip anytime you need to encrypt and decrypt. You should also be using a wipe utility to delete temp files off the usb drive when done.
posted by damn dirty ape at 12:48 PM on January 8, 2009

You might look at PassWord Safe on SourceForge.

posted by sandpine at 1:01 PM on January 8, 2009

GPG in symmetric mode is intended for this type of use, and you can put an executable for just about every platform right there on the stick if you so choose. If you elect to use it, make sure you do not decrypt the file to disk when accessing it; unencrypted data would be trivially easy to access from a deleted temporary file, defeating the entire purpose of bothering to encrypt at all. Just use plain old gpg -d at the console to read your file.
posted by majick at 1:04 PM on January 8, 2009

I use both Keepass and Truecrypt, both have their place, but they answer different needs.

Keepass is a password manager as the name implies: it's an encrypted database with specific fields like user, password, web link, and so on. It's great for keeping PINs, account numbers, short snippets of important information. Keepass is only one of many products in this niche. Lifehacker reviewed/rated a bunch recently.

Truecrypt is a file and directory encryption tool. It makes an ecrypted file (or even disc partition) that you can store other files and directories in as if it were a separate disk volume, just like a flash drive, say. You use this for storing files you want to keep private. In my case, I use it for pdfs of my financial records and other important documents.

It sounds like you need Keepass, or some other password manager. Truecrypt would be overkill for the use you have.
posted by bonehead at 1:14 PM on January 8, 2009

What I did for basically the same thing was to make a password protected disc image. Stored what I needed in and just put the whole image on the drive. Its portable (and as long as its a mac) I can get to what I need
posted by ShawnString at 1:24 PM on January 8, 2009

Amen to KeePass.

As far as individual file encryption, I think you can make it work with GPG version of portable Thunderbird and the enigmail add-on. I just double checked, and what you do is attach the file or files, encrypt the email to your public key, and send it to yourself. There's an option to encrypt the whole message or to encrypt each file individually and send them inline. Do the latter. Then, when you want to decrypt, use the "decrypt and open" or "decrypt and save as" options to open it.

If you want the attachment only on your thumbdrive and not on a server (I'm assuming you're using IMAP), you can do it a couple of different ways. One, save the attachment without decrypting it. When you want to access it, send it to yourself in an unencrypted email, and then use the same "decrypt and [whatever]" option to get at it.

Two, which is less clumsy, is move it to Thunderbird's local folders. You'll still be able to open it when you're not online.

It's clumsy, but functional.

And majick's way seems to be a lot less clumsy, so maybe just do that.
posted by averyoldworld at 1:25 PM on January 8, 2009

« Older Where can I find a locker that holds the key after...   |   Dating Protocols!!! Newer »
This thread is closed to new comments.