blog.gkaindl.com

Mac Tip: Encrypted Storage

There’s a list of 10 free ways to store passwords securely on Lifehacker today. However, they’ve left out one very simple while extremely flexible method for Mac users that I’ve been relying on for quite some time.

For most passwords, the MacOS X keychain is a great solution, since .mac users can even sync it among various computers (such as a laptop and desktop Mac) and it’s really implemented in a “set-and-forget” manner. The keychain is integrated with Safari, for example, so all my web passwords are securely stored there and get auto-filled if I want to log in to a site again. This also works in most other Mac browsers, save for Firefox, which comes with its own password storage.

Then again, having all the passwords in one human-readable place for quick reference is a great thing as well. And it’s extremely simple with encrypted disk images. Here’s how to do it:

1. Open “Disk Utility” (it’s in the “Utilities” subfolder of your “Applications” folder).
2. Click the “New Image” button.
3. Leave the default settings (or change them if you want), but set “Encryption” to “AES-128″.
4. Save the new disk image.
5. Disk Utility will now ask you for a password. This is the one password that will protect all your others, so choose it wisely. It shouldn’t be too easy to guess, but you should also be able to remember it!
6. Before you click “OK”, make sure that “Remember password (add to Keychain)” is checked (also see below).
7. Congratulations, you now have an encrypted, writable disk image!

To use this disk image now, just double-click it to mount it in the Finder. It shows up as a new volume. You can put whatever data you want onto the disk image, for example, other than storing your passwords in a text file there, you can also store your bank information, credit card details or incriminating photos.

Once you are done, make sure to “eject” the disk image. If you want to access your data again, just double-click the disk image. It will open without prompting you for a password. This is because you have (securely) stored the disk image password in the keychain, but you have also remembered it in case your keychain might get corrupted. Thusly, the disk image can be used to back up the passwords that are usually stored in the keychain safely, without having to enter the master password manually all the time. Also, 128bit AES is a strong encryption algorithm elected to be the new standard for symmetrical data encryption, succeeding DES. This means that your disk image is safe from unauthorized access. Sweet!

Note that everybody logged in with your current user account can open the disk image without being prompted for the password. If you have set your Mac to automatically log you in after a reboot, or if you do not require to enter your password again after waking your computer from sleep, I’d suggest not saving the disk image password in the keychain (just uncheck the box in the “Enter Password” prompt in Disk Utility while creating the image). Since anybody being able to physically access your Mac could easily circumvent the protection, using the encrypted disk image would be pointless in this case.

However, for those of us who require a password when rebooting or waking the Mac from sleep, this is a very easy and flexible way to secure sensitive data in an easy (and free) way.