Protecting Your Laptop Computer and Sensitive Information Abroad
These days, traveling without some kind of access to an Internet connection is almost unheard of. Increasingly travel-friendly laptops are being released, and smart phones and other handheld devices make Internet access a cinch. But how do you store all of your user names and passwords and back up your data securely? With hackers and petty thieves at every turn and new security issues arising regularly, traveling securely while protecting your laptop and sensitive information is becoming an art.
Anil Polat worked as a security engineer and hacker (the legal kind!) for almost six years. During this time he became an expert on advising companies how to better secure their networks and systems. He has since taken this expertise on the road, doing freelance security work, and writing about technology and travel. As a traveler he practices what he preaches, knowing how to keep his information secure. He was kind enough to give us some valuable tips on protecting our laptops and sensitive information abroad.
Online Password Storage Services
There are increasing numbers of online password storage services becoming available, which allow you to store a database of your user names and passwords online. Sometimes these services also allow you to store image scans of official documents (like passports) for posterity, which is a great added-value benefit. Some are free, while others carry a monthly or annual charge for their services.
However as with all things online, there are security issues. “The problem with online password storage is you've got to trust the computer you're working on and the security of the databases on the other side—not to mention everything in between,” says Anil.
Not only that, but as you might suspect, online password storage services are hot commodities for hackers. You use one password to access the online storage program which houses all of your other passwords. Anil indicates that despite encryption and security measures, “you've got all of your eggs in one basket. Many hacks are against the databases where the provider keeps all of your sensitive information and it's completely out of your control.”
Anil generally eschews the use of online password storage services, admitting that there may be some good carriers out there, but trusting none of them for these fallacies that can defeat the best of intentions.
“You're better off writing down your passwords on a sticky note and carrying it in your pocket. Passwords aren't nearly as valuable when they aren't associated with anything.” Practically speaking of course, it may not be as simple as a sticky note for your pocket, since each password comes with a complicated user name that you also need to remember, and depending on how many passwords and user names you are juggling, you might find it difficult to organize this information in a way that makes sense to you but not to onlookers.
Two-Factor Authentication for Secure Sites
Some secure online services use a 2-factor authentication approach, which is one of the most secure ways to access sensitive online documents and services. Paypal for example, offers a security key which is a device the size of a credit card and costs $5. It generates a rotating password every 30 seconds, and you need this password in addition to your regular one to access your Paypal account.
Some secure sites like banks offer (but don’t advertise) these services, so it does not hurt to ask, and Anil suggests that unless an online storage service employs the same security measures, he will not use it.
Password Storage Offline
An alternative to storing your user names and passwords online is to house them on your laptop or other local device. There are free services which allow you to do just that within an encrypted local database, such as KeePassX and Password Safe, both of which Anil recommends.
However whether storing your user names and passwords online or offline, you still need a password to access the database! Anil cites password selection as the weak link which leads to most account intrusions.
“Most password thefts happen because people pick terrible passwords. The best passwords are randomly generated and eight or more characters. Go to GRC's password generator, copy and paste any eight characters into [your password storage service], and that's it. All you have to do is remember your “master password” for the program.” Now that, I can write on a sticky note and not lose.
Protecting Your Laptop Computer Files
Storing your user names and passwords on your laptop is not infallible either; since if your laptop is stolen or searched, then unprotected information can be accessed. Alternately if your laptop is the only place you store this information, then theft or damage can leave you stranded.
“There isn't one secure way because as a traveler you're often securing from multiple threats,” says Anil of protecting personal information while traveling. Between prudent use of backups and encryption programs, however, you can minimize and manage the risks.
Anil cautions that simply encrypting your sensitive files will not cut it if you are searched. “Some governments (the U.S. included) can request your laptop at customs. You're legally obligated to give them your login password so simple encryption won't cut it. I like to create TrueCrypt hidden folders and also a visible encrypted “important but not as much” folder in case someone asks.”
On top of this, Anil also encrypts his entire hard drive. He recommends TrueCrypt for Windows users and FileVault (which is built-in) for Mac users. He suggests that setting up this diversification of security measures can take as little as 15 minutes for a novice and might protect you from much bigger hassles down the line.
Backing Up Your Laptop Computer Files
Of course, you are also advised to back up your laptop regularly and to keep the backups in separate places, so the disappearance of your laptop does not also mean the evaporation of your personal information and documents too.
There are a number of ways you can back up your electronic files. Anil, for example, has two backups going all the time. “The first is a 1GB USB drive that is protected using TrueCrypt hidden folders. I use this to store very important documents, pictures, and files I'm actively working on.”
As for the second backup (which is of his entire laptop), Anil uses CrashPlan, an online backup service whereby “the free version lets you use other computers as backup destinations. CrashPlan automatically sends my updated files over to an old computer I've got at my parent's house as well as a Mac Mini I leave in a safe place.”
Thinking that Anil would be leery of transmitting his personal data online to back up his data to remote computers, I was surprised when he said he was satisfied with CrashPlan’s encryption process. “CrashPlan encrypts the data being sent online as well as the backup sitting on the other computers. It's technically not the strongest encryption (128-bit Blowfish) but it’s good enough for most people.”
And of course, the biggest factor to consider when backing up your laptop files is keeping your backups separate from your laptop itself. “Traveling with an external drive is great until your backpack is stolen,” says Anil of managing the plethora of on-the-road security concerns.
Alternate backup methods include burning CDs or DVDs (and even mailing them home periodically if you do not want to carry them with you), using an external hard drive which you keep separate from your laptop (this is the preferred method of many travelers), taking advantage of online storage options, or even connecting remotely to a computer at home to which you can download your files (similar to Anil’s plan).
No one backup or storage solution is perfect for everybody. Your personal travel style, habits, and preferences will dictate which method works best for you. After interviewing Anil though, I am inspired to improve my own laptop security plan, and with his suggestions I now have the tools to do it.