Fog Creek Software
Discussion Board




Secure, portable storage devices?

I'm getting to the point where it's a real pain to have to remember all my online passwords, PIN numbers, etc. I'm therefore thinking of investing in some sort of portable data storage device that I could use to store all these details, plus perhaps transport data from work to home etc.

I could invest in a simple USB memory stick of some kind, but what I'm really looking for is something that's:

- very small.
- very unobtrusive.
- completely secure -- by that I mean that if I lost it, no one else would ever be able to get at the data.
- ideally, lets me "unlock" and view different files independently of each other, so I didn't have to put all my passwords, PINs etc. inside one big textfile.

What do people think? Do devices like this exist, or are the requirements mutually contradictory? Is this even a good idea or should I buy a book on how to memorise numbers?

Thanks in advance, any advice or discussion welcomed.

Probably better to remain anon for this posting.
Monday, March 15, 2004

An encrypted text files and a customized decrypter application on a floppy, that is also password protected. Thats what I used. Actually my data was in  binary format. Not ASCII.

Of late, I've noticed some machines do not have floppy drives, a PITA for me, but hey, thats progress. So I've moved to one of those cheap small factor "visiting card" CD-ROMs. The fit neatly into my wallet.

KayJay
Monday, March 15, 2004

Well you could just get a PDA and some software.
I've used a free program called Strip with my Palm for 4 years now to store all my passwords, bank account numbers, social security and passport numbers etc etc.
Since I always have the PDA on me (for various other uses) this has come in handy a lot.
Strip uses,  I think, 128 bit DES encryption. There are many other freeware and payware apps that do the same including I think, two implementations of PGP on the Palm, and of course,  similar programs for Pocket PCs.

Of course you have to turn on the PDA, run the program, and enter a (master) password before getting to your password list, so if you were looking for a solution that could be read by your pc automatically, this isn't it.

rhubarb
Monday, March 15, 2004

Here's a USB Thumbdrive that is protected by both a password and built-in fingerprint scanner http://www.eyenetwatch.com/USB_hard_drive/fingerprint-usb-drive.htm?BansidheGraphics

Ken Klose
Monday, March 15, 2004

Have the USB Drive on your neck with a rope. That's the most secure ever. I use it now, an MP3 player, Voice Recorder (for speech training), FM Radio, and USB Drive. As the earphone comes with a neck rope to tie it with the device, I find that it is an amazing invention as it is ALWAYS there. No need for encryption.

Richard Sunarto
Monday, March 15, 2004

I use "SplashID" on my Palm. It has everything: credit card numbers, passwords, frequent flyer numbers, voicemail numbers. It's very helpful. I recommend such a program.

David Fischer
Monday, March 15, 2004

Second vote for "Strip" ("System To Remember Important Passwords") on the Palm.

- former car owner in Queens
Monday, March 15, 2004

I believe SONY has the device you are looking for. It is a small USB memory drive that is secured by a fingerprint.

Unlike many similar devices, the SONY device doesn't require drivers and supports Windows, Mac OS X and Linux. It works by having two drive partitions: one unencrypted and one encrypted. The encrypted partition is off-line until you authenticate using your fingerprint; and once you've authenticated, you can continue accessing the encrypted drive until you disconnect the device.

One major advantage of the SONY device (and the reason it doesn't require drivers) is that all biometric matching occurs on the device meaning your fingerprints are more secure. This makes hacking the device or pulling out a biometric template from the device very difficult. Furthermore, the encryption is performed on the device meaning there isn't any way to access the encrypted data short of authenticating with your fingerprint.

I had the pleasure of evaluating these devices and several other fingerprint secured USB memory drives while working for a biometric consulting company; and I found the SONY devices to be the best. They even impressed our security architect who scoffed at almost every vendor's claims to offer secure solutions.

Jeff Watkins
Monday, March 15, 2004

Pros and cons:

- an encrypting program on a PDA would allow access to your info independent of any other device (for example, if you're at an airport and want to access a calling card or frequent-flyer # while standing at a payphone), but would be somewhat more cumbersome for the secure-file transfer function

- a secure USB drive would be terrific at file transfers, or if you're ALWAYS at a PC when you need your info, but could be a real PITA if you needed to retrieve something and no PC was handy (airport, car, etc.)

So - which scenario are you trying to address?  Or are you looking for something that would work for both?

- former car owner in Queens
Monday, March 15, 2004

Thanks for the comments everyone, they've been very helpful. I'm going to go with STRIP or one of the other PDA-based systems for my passwords and PINS, and a normal thumbdrive for data transfer. I've realised I can get a lot more flexibility if I separate data-transfer from password-storage, and just don't put anything sensitive on the thumbdrive.

There are scenarios where I'd need to get at the passwords without having access to a PC (telephone banking, sitting in a cyber-cafe where they won't let you plug in a USB device etc) so that seems like the best compromise.

Probably better to remain anon for this posting.
Tuesday, March 16, 2004

*  Recent Topics

*  Fog Creek Home