Secure passwords and files with Password Safe and TrueCrypt
This article continues my series describing what I already take for granted on my computer. At work, running Windows XP, I use two programs to keep my passwords and files secure:
- Password Safe, an open-source program for storing passwords that was originally written by Bruce Schneier. I chose this program because Bruce Schneier is awesome. (On my Mac at home I use Apple’s “Keychain Access” instead.)
- TrueCrypt, an open-source disk encryption program for storing files securely.
Passwords
I keep Password Safe running all the time. You can double-click the Password Safe icon in the tool bar. The icon is green when the safe is “locked” and red when the safe is “unlocked.” To unlock the safe, Password Safe prompts you for a master password. Once you type this password in, the safe becomes unlocked. When you haven’t used the safe for a couple of minutes, it automatically locks again.
You can group passwords into categories, e.g. “listserv passwords.” Whenever you double-click a password it is copied into the clipboard. You can also tell Password Safe to go directly to a URL associated with that password. The clipboard is purged whenever Password Safe is minimized.
With this system, your “master password” gives you quick access to all the passwords you’ve saved. Password Safe can randomly choose a password for you, so that you don’t even need to know the individual passwords–just the master password that gives you access to your stored passwords.
Files
Once you install and run TrueCrypt, you will see a new icon in the task bar that you can double-click to bring up the TrueCrypt application window (pictured). This window lets you “create a volume” or mount a created volume. Basically, what’s happening here is that you:
- create a secure file in which to store confidential materials, e.g. a 1 GB encrypted file somewhere on your computer.
- use TrueCrypt to “mount” (open) this file as a new disk drive, e.g. “H:”.
To create a volume, you use the “create volume” button. I then selected “create an encrypted file container” as a standard TrueCrypt volume. The file name should end in “.tc” for TrueCrypt so you can double-click it and have TrueCrypt open. You set a file size–and be careful here, because to the best of my knowledge you will be forever limited to this file size. Finally, you can set a password and/or a “key file.” I create a hugely long password and–you guessed it–put this password in Password Safe. That way I don’t need to know the password. If you want, you can also create a “key file,” e.g. a file on a CD or USB key that is required to open the TrueCrypt volume you’re creating. Just be careful–if you lose the key file you essentially lose all your data. (So at least make a backup!)
To open a volume, you just “select file…”, find the file, enter the password, and tell TrueCrypt what letter to use (e.g. “H:”). Then TrueCrypt will mount the drive, and you can use it as you see fit. If you choose a standard letter, you should also configure other programs, such as desktop search and backup tools, so they do not index or back up the contents of the mounted drive. For example, I use Google Desktop, so I have told Google Desktop not to index the stuff on the “H:” confidential drive.
You can tell TrueCrypt to dismount the drive after 15 minutes of inactivity, if you want, so there’s less of a chance of people seeing the data.
Why would you want this? Well, I use a TrueCrypt partition to store all employee performance reviews and other confidential data such as budget information. If your hard drive is stolen, the thief can easily read unencrypted files–but it is much more difficult for intruders to break into encrypted TrueCrypt volumes!