Ways to Secure Files in OS X

by James R. Stoup May 17, 2007

Do you know how to make your files secure? Do you know how to put a password on them? Make them invisible? Encrypt them? If the answer to any of those questions is “no,” then you are in luck because you’re about to learn all about making your files more secure.

There are three primary ways of protecting your data: invisibility, passwords, and encryption. Making files invisible just means that other users can’t see them. And while this is a novel approach to protecting data, it isn’t very useful as a genuine security technique, simply because anyone who really knows what they are doing can find your files. Next we have passwords, which are very useful. However, a file with just a password is kind of like a nice lock on a glass house. You can’t get in, but you can see everything. Finally we have encryption, converting data into a cipher. A very useful technique (one which FileVault uses to good effect) that comes in varying levels of security. Outlined below are instructions to employ all three of these methods along with my thoughts on their merits.


Hiding Files

Use HideOut or Secret Folder
Pros—easy, simple, nice solution, HideOut is free
Cons—advanced users can find your files, Secret Folder costs money, not a permanent solution

Great if you just want to hide your collection of gay biracial midget porn, but not so good for just about anything else. However, if you feel you simply must have this ability, at least use HideOut, as it is free. (Secret Folder will run you $20.) This is also an amusing way to annoy other users on your system by making all of their files disappear. Try it once for the thrill and then move onto something better.


Passwords & Encryption

Create an encrypted disk image with password protection
Pros—easy, free, very secure for what you need
Cons—duplicates files, fixed size, kind of a hassle to use

To make a secure disk image, first open up Disk Utility and click on the New Image icon. Next, choose where you want it to be saved. This next part is very important: you must select the size you want your image to be. Too small and you will fill it up too quickly, too big and you will waste lots of space on your machine. After deciding the size be sure to set the encryption (or else what’s the point?) to “AES-128” and you can leave the format as read/write. Finally, click create, enter the password, and you are done. Now you can copy your files/folders onto the image. When you’re done, eject the image. From that point on, opening it will require the password. And you better not forget it either because there is no going back if you do. This method of encrypting files is useful because it is free (Disk Utility comes with OS X), it is easy, and it is very secure (containing both a password and encryption).

 

Create a separate user account using FileVault for secure data
Pros—very secure, very easy, password-protected, free
Cons—requires lots of space, requires fast-user-switching to be turned on, cumbersome, inconvenient, only works if you (and only you) have the administrator password

Simply create a new user account and dump all of your secure files into it. To gain access to files from your “main” account, use fast-user-switching and the “shared” folder to swap files. Of course, this method requires all the overhead associated with creating a new user. And lest we forget, the system administrator would still have access to your files. But other than those slight problems it will work just fine.

 

Use iCrypt
Pros—very simple, very secure, doesn’t require lots of hard drive space
Cons—costs money ($16), bugs can cause loss of data

A nice and simple piece of software that does exactly what you expect and nothing more. Simply run it, set your preferences, and then drag-and-drop to encrypt files. Encrypted files are also self-extracting. This means that you can encrypt the file and then send it to someone else and as long as person #2 has the password, opening the file will automatically decode it. This means only the person doing the encryption has to have a copy of iCrypt. Beware though, this is shareware. Use at your own risk.

 

Use OpenSSL and the Command Line to Encrypt a file
Pros—extremely secure, free, makes you feel extra cool for using the terminal
Cons—if you don’t know what you are doing NEVER touch the command line

Very slick little utility for encrypting files. And it requires using the command line to encrypt/decrypt files. This is very nice for use around people who have no idea what a terminal is. For detailed instructions check out OpenSSL and for quick instructions try OS X Daily.

 


Other tools to checkout:
Tresor ($35)
Crypt3 ($10)

 

 

Comments

  • Rather than using HideOut you can achieve the same thing with some OS X Terminal knowledge….

    Create a directory with a ‘.’ at the beginning and place any file in there, they will be hidden and not indexed. Then use the ‘open’ command to get at your files. Make sure you don’t name your directory the same as something Mac OS X uses or else you will get into some headaches.

    Launch Terminal and type:
    mkdir .hidden <hit enter>
    open .hidden

    Kamran had this to say on May 17, 2007 Posts: 2
  • until your suggestion, i never thought of leaving open a filefault encrypted disc image where i vould just cumulatively toss confidential stuff! ...

    i had always (mis)imagined the chore of having to stop all my work, makle a dmg, then start adding files etc etc.

    i like the idea except i have two concerns ...

    first, backup software can NOT selectively (incrementally) archive the contents of an (mounted and unmounted) dmg, especially of it is encrypted by filevault.

    second, i presume there is a HIGH risk of data corruption to a mounted writable dmg (espcially if encrypted) - due to constant app-level or even complete system-level hanging that one must endure in os/x (seems more like sys 7.5 to me!).

    ... is this assumption about the risk correct? ... or does journaling protect the mounted dmg from corruption when there is a hang -> forced quit or -> hard restart?! ... also the aspect of encrypted virtual memory -  does journaling protect an open (crypto) dmd from damage when its contents have been already paged out to (encrypted or non-encrypted) VM file?

    is there aperformance penalty to read/write into an encrypted (mouted) volume?

    is there spotlight plugin that will allow indexing of encrypted material? - ie demand a password before it accepted a search term on on an encrypted volume (dmg)?

    zahadum had this to say on May 18, 2007 Posts: 6
  • My opinion is that one of the most successful way to protect your files is encrypting them considering the file extensions you have on your computer. Encrypting the most important ones will keep your sensitive data protected at all times.

    IBMdude had this to say on Sep 05, 2011 Posts: 50
  • i had always (mis)imagined the chore of having to stop all my work, makle a dmg, then start adding files etc etc.
    professional research paper writers

    Ericka Bentle had this to say on Oct 12, 2011 Posts: 64
  • Page 1 of 1 pages
You need log in, or register, in order to comment