
Laptops All-in-One Desk Reference For Dummies- P68 pot


Keeping It to Yourself
644
Beefing up your password
Sorry to have to tell you this, but using the name of your pet parrot (dead or
alive) as a password is pretty lame. So, too, is using your birthday or your
wife’s middle name.
The problem is that a dedicated hacker could probably find any of these
details with a bit of searching on the Internet. Don’t use your birthday, birth
year, your partner’s name, your children’s names, or anything else that a
determined hacker might be able to glean from public records. An automated
assault could try every possible pet name — trust me, there aren’t
all that many — to get into your system.
✦ Go alpha and numeric. The best way to create a strong password is to
use a combination of words and numbers that have meaning to you but
aren’t traceable to you. Do you remember an old friend’s phone number
(not their current number)? Did that friend have a strange nickname?
And was there a particularly unusual food that you — or your friend —
enjoyed or despised? Using that formula, I might construct a password
like this: ReverendKL5-1243TofuPie
No way could someone guess that password or could a computer randomly
figure it out. (Note that not all operating systems or web sites
distinguish between upper- and lowercase, but it can’t hurt to include
them.) And I could even make a great big note on my desktop that
reminds me of the password but would be of no help to anyone else.
The hint might say: Fran’s nickname, phone, yucky soy dessert.
✦ Make it meaningful. A totally random password like J8kl)$32H*/xc is a
very strong defense, but is also very difficult to remember, and in some
cases a password-cracking program may determine the method used by
your software’s random-password generator.
✦ Be unpredictable. If you want to include the word Spoon in your password,
try replacing one or both of the letters o with a zero. Or even better, try
something odd like a pair of parentheses to represent the o.
One example: sP()()n
✦ Be fickle. Change your passwords every few months. I know that’s
easier said than done, but it’s good practice in case someone has picked
up some of your personal information and is poised to attack. One way
to avoid having to come up with a completely new password is to create
a replaceable component. For example, if your current password is
ReverendKL5-1243TofuPie, you could change the food every few months.
Make it ReverendKL5-1243Curds&Whey for a while, and then change it to
Tapenade.
46 140925-bk09ch01.qxp 4/8/08 12:53 PM Page 644
Book IX
Chapter 1
Traveling with
a Laptop
Locking the software
If a thief is after your machine, she doesn’t want to damage it; that would
reduce its value. But if a laptop’s real worth is the information on the hard
drive, a bit of broken plastic won’t stand in the way of a theft. Or the crook
might even remove the hard drive — smaller than a paperback book — and
leave the computer.
The most important strategy is this: Always act as if the information in your
laptop is about to disappear. It (along with the machine that holds it) could
be stolen or lost or corrupted or made unreadable. Therefore, please remember
Sandler’s Top Three Rules of Laptop Data Security:
1. Back up your data to a form of removable media.
2. Keep the backup in a safe place, separate and apart from the laptop.
3. See Rules 1 and 2.

Keep all sensitive information off the hard disk drive:
✦ If your office is set up with a secure web site, keep data there and sign in
over the Internet.
✦ Store all sensitive information on removable media. Consider these
possibilities:
• A password-protected USB flash disk. Corsair’s Flash Padlock is a
block of flash memory that you can access only after you enter a
numerical password of as many as 10 numbers, which, not coincidentally,
is the same length as a phone number. (I suggest using a phone
number of a friend or relative with a different last name.) Once the
Corsair is unlocked, it appears just like any other storage device on
your machine; it automatically locks when you remove it from your
laptop. The product is available at retail stores and web vendors.
• A fingerprint reader. These block access to the hard disk by anyone
other than the person attached to the proper finger. IBM (and its successor
owner of the laptop line, Lenovo) has offered this technology.
A small reading pad, on the wrist rest below the arrow keys, verifies
a user’s identity when he swipes a finger across a tiny sensor. Once
identity is established, users are automatically logged on. The solution
blocks most casual attempts at unauthorized use, but probably
wouldn’t keep someone from removing the hard disk drive and
offloading its information to another drive.
• A CD-R, CD-RW, or recordable DVD that you can mix in with your
music disks and store away from the computer.
✦ Store the removable media in a different suitcase or in your pocket.
Requiring a password to log on to Windows
When you install or activate Windows, you’re offered the opportunity to add
a system password that must be entered each time the machine is turned
on; on advanced versions of the operating system a distinction is made
between the Administrator (who can change the system’s configuration and
settings) and a User (who can sign on and use the system but can’t change
the way it operates).
Enable and set a Windows logon password. Although this isn’t a very strong
defense against a determined hacker, it should protect against unwanted
access by an amateur. Passwords are usually set at the time Windows is
installed or first activated; you can also add a password to a system already
configured if you have Administrator access.
To enable or change a password on a Windows XP or Windows Vista machine,
follow these steps:
1. Click Start ➪ Control Panel ➪ User Accounts.
2. Click an option based on your needs:
• Choose an Existing Account (Go to Step 3.)
• Add a New User (Go to Step 4.)
3. Choose Add or Change a Password.
4. Establish a password.
The logon screen appears. It includes a password hint to help you
remember a forgotten code; be as vague but meaningful as possible in
creating a hint.
Adding a password won’t prevent someone from stealing your laptop, and
some programs allow hackers to break most codes. In addition, putting a
password on a drive does not prevent someone from reformatting the drive
or replacing it with a new one, although your data may be protected from
misuse.
If you created a system or startup password, you can later change or remove
it once you properly sign on to the system. Under Windows XP or Vista, do
this:
1. Go to the Control Panel.
2. Click the User Accounts icon.
3. Click one of the following:
• Create a password for your account
• Change your password
4. Type the password in the New Password box.
5. Type the password in the Confirm New Password box.
If you forget your password, you can use a password reset disk to create a
new one; the “disk” can be a USB flash drive or CD. To create the disk, follow
along:
1. Open the Control Panel.
2. Click the User Accounts icon.
3. Click Create a Password Reset Disk.
You should create the reset disk and store it away in a safe place; if you
don’t have a reset disk, you may lose access to your operating system
and files.
Some third-party and free sources offer tools that allow you to get past a
forgotten or corrupted system password; that fact should give you pause.
Microsoft itself warns that this is not an industrial-strength lockdown of your
data but merely part of a comprehensive security plan.
Password protecting and encrypting a file
Most current software programs (including the Microsoft Office 2007 suite
and later editions) let you encrypt and add password protection to an individual
file. The lockdown can prevent someone from opening, deleting, or
changing a file. Again, the level of security isn’t anywhere near that used by
spy agencies, but it should deter the casual finder or keeper of your laptop.
Microsoft doesn’t offer any assistance in recovering a lost password; if you
lose the password, you won’t be able to open the file.
If you must write down the code for a file, do so in a notebook that isn’t
stored with your laptop, and use some coding to hide it. If the password is
the phone number of an old friend plus the year your cat was born, make a
note like this: Chuck#+catyr.
To encrypt and set a password to open a document, do the following:
1. Open the Microsoft Office 2007 program and file you want to protect.
2. Click the Microsoft Office Button.
It’s at the top-left corner of the screen.
3. Choose Prepare ➪ Encrypt Document.
The Encrypt Document dialog box opens. See Figure 1-1.
4. Enter a password in the Password text box.
It can be as many as 255 characters.
5. Click OK.
The Confirm Password dialog box appears.
6. Type the password in the Reenter Password text box.
7. Click OK.
8. To save the password, save the file.
A strong password
✦ Is longer than a short password (at least 10 to 14 characters).
✦ Combines uppercase and lowercase letters, numbers, and symbols. For
example, here’s one: 25yorBit!78.
Use a phone number of someone who isn’t easy to link to you, and mix in a
strange word: WA7202903gruyere. (And no, I don’t use either of those passwords
in my system or with any banks.) Or you can use an obscure quotation
or phrase; don’t use something guessable like “The quick brown fox
jumps over the lazy dog.”
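The rules in this chapter (at least 10 characters, a mix of uppercase, lowercase, numbers, and symbols, and nothing traceable to you) can be checked mechanically. The Python sketch below is an added example, not part of the original book; the function names, the extra look-alike swaps, and the sample personal details are assumptions made for illustration. It undoes swaps such as 0 or () for the letter o before comparing, because a disguised pet name is still a pet name.

```python
import re

# Look-alike swaps to undo before comparing. "0" and "()" for the letter o are
# the chapter's examples; the rest are assumed common variants.
SUBSTITUTIONS = [("()", "o"), ("0", "o"), ("1", "l"), ("3", "e"), ("@", "a"), ("$", "s")]

CHARACTER_CLASSES = {
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def normalize(text):
    """Lowercase, undo look-alike swaps, drop punctuation: 'sP()()n' -> 'spoon'."""
    text = text.lower()
    for fake, real in SUBSTITUTIONS:
        text = text.replace(fake, real)
    return re.sub(r"[^a-z0-9]", "", text)


def audit_password(password, personal_details, min_length=10):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    for name, pattern in CHARACTER_CLASSES.items():
        if not re.search(pattern, password):
            findings.append(f"no {name}")
    squashed = normalize(password)
    for detail in personal_details:
        key = normalize(detail)
        # Ignore very short details to avoid matching by accident.
        if len(key) >= 3 and key in squashed:
            findings.append(f"contains personal detail: {detail}")
    return findings


if __name__ == "__main__":
    # Constructed sample data: a made-up owner's pet name, birth year, birthday.
    details = ["Polly", "1970", "04/08/1970"]
    for candidate in ["P0lly1970", "p()lly-04081970!", "ReverendKL5-1243TofuPie"]:
        print(candidate, "->", audit_password(candidate, details) or "no findings")
```
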
Setting a password to restrict others
You can assign two passwords, and they must be different:
✦ One to access the file
✦ One to provide specific reviewers with permission to modify its content
Figure 1-1: Microsoft Office 2007 can encrypt individual files created under any of its components.
To prevent unauthorized viewers from seeing or changing a file you created
in Microsoft Office 2007, do the following:
1. Open the file.
2. Click the Microsoft Office Button.
It’s in the upper-left corner of the screen.
3. Click Save As.
The Save As screen appears.
4. Click Tools ➪ General Options.
The Tools menu is in the lower-left corner. See Figure 1-2.
5. Type a password in the Password to Open text box.
This password requires that users enter a password before they can
view the document. Under this less-secure system, the password can’t
be longer than 15 characters.
Figure 1-2: Microsoft Office 2007 offers encryption of individual files, file-sharing limitations, and read-only recommendations.
6. Type a password in the Password to Modify text box.
This allows viewers to read a document but requires a password before
they can save changes. This feature doesn’t use encryption; it helps you
control the pool of reviewers who can change a file.
7. Select the Read-Only Recommended check box.
This restricts viewers so they can only read a document, not save it with
changes. When the reviewers open the file, they’re asked if they want to
open the file as read-only. The huge loophole to this method is this: A
viewer can open a file and use the Save As function to copy the file
under a different name for modification.
Changing a file’s password
To change a previously assigned password, follow these steps:
1. Open the Office program.
2. Open the file using the password.
3. Click the Microsoft Office Button.
The button’s in the upper-left corner of the screen.
4. Click Save As.
The Save As dialog box opens.
5. Click Tools ➪ General Options.
Since you signed in with the password, it appears on the screen.
6. Select the existing password.
7. Type a new password.
8. Click OK.
You’re prompted for the password again.
9. Retype the new password.
10. Click OK.
11. Click Save.
If prompted, click Yes to replace the existing file.
Removing a file’s password
To remove a password from an Office file and allow free access to it, follow
along:
1. Open the file using the assigned password.
2. Click the Microsoft Office Button.
It’s in the upper-left corner of the screen.
3. Click Save As.
4. Click Tools ➪ General Options.
Since you signed in using the password, you can see the password on
the screen.
5. Select the password.
6. Press Delete.
7. Click OK ➪ Save.
If prompted, click Yes to replace the existing file.
Encrypting the Disk
For a deeper shade of security — in most situations and against most
evildoers — the solution may lie in whole disk encryption. Again, a caveat:
the National Security Agency (the domestic spies), the Central Intelligence
Agency (our crack international somewhat-secret agents), and the staffs
of dozens of other government entities, as well as private snoops, can
break just about any code they put their collective minds and banks of
computers to.
But if you’re talking about whether your average street thief can steal your
laptop and then break encryption . . . that’s rather unlikely. The same loophole
exists here as with many other systems: A casual thief is more liable to
try to erase or remove the disk and replace it before reselling it.
The idea of whole-disk encryption is that the process is independent of the
operating system; it blocks access to Windows, makes all files on the drive
unreadable, or both. Among sources of this technology are PGP Whole Disk
Encryption and TrueCrypt. And the hard disk maker Seagate is leading the
way from the hardware side with its Momentus drives that include built-in
encryption chips.
Microsoft’s built-in encryption utilities

The Encrypting File System (EFS) permits users to encrypt files so that only
a person who properly logged onto an account can access them. Users with
the following platforms can use EFS:
✦ Windows XP Professional
✦ Windows XP Media Center
✦ Windows Vista Business
✦ Windows Vista Ultimate
Its primary advantage may also be its disadvantage: No additional password
is needed beyond the one required to log onto an account. Once someone is
through that door, there’s no further protection.
To use EFS, follow this brief set of instructions:
1. Right-click the file or folder you want to protect.
2. Select Properties.
3. Click the Advanced button.
4. Click the Encrypt Contents to Secure Data check box.
When you initially encrypt a folder, the system may require some time to
create a new folder and encrypt its contents; once the folder is marked
encrypted, any file saved or copied to it later is automatically encrypted as
it’s recorded, with little impact on performance.
The downsides of EFS:
✦ If you’re logged into your machine when it’s stolen or lost, the door is
wide open (at least until someone turns it off or it runs out of battery
power).
✦ You may lose file access if Windows itself suffers corruption and must be
reinstalled or substantially repaired.
✦ Hacking tools to get past EFS barriers are widely available.
Microsoft added a stronger and thus far more secure version of encryption
as part of Windows Vista in its Ultimate edition. BitLocker prevents Windows
from booting without the proper password (before login), protecting both
the operating system and its files. However, it is subject to the first two
shortcomings of EFS outlined before: Once the door is open, all is revealed,
and a corruption of Windows itself could make everything on the disk
unreadable.
For more information on EFS or BitLocker, consult the Microsoft web site at
www.microsoft.com.
Software-based encryption programs
Software encryption is the next level up in security planning from scrambling
the data on the disk and requiring a password before they can be read.
However, like a password that exists in the BIOS, software encryption uses a
decoding key located somewhere on the drive, and a determined (or professional)
crook should eventually figure out how to break the code.
No matter what form of software-based encryption you use, keep your
Windows operating system up-to-date and regularly consult your encryption
software maker’s web site for updates. Hackers will always try to prove
their worth by breaking the supposedly unbreakable; if and when that happens,
Microsoft and other makers usually come up with a fix and the game
continues.
Another shortcoming of software-based encryption programs is that they
function as an element of Windows or other operating systems. And in most
cases, for technical reasons they can’t encrypt the operating system files
themselves; they only encrypt data and settings. However, the loophole here
is that most applications store temporary and backup versions of files, as
well as fragments of files, in various places on the disk. These may exist outside
of the encrypted “bubble” around your critical files.
Examples of industry-standard technology follow:
✦ PGP Whole Disk Encryption offers a platform that lets you use that
company’s file and e-mail encryption products, as well as those offered
by other companies, spread across a managed network. See
www.pgp.com/products/wholediskencryption for more details.
✦ TrueCrypt is an open-source (read: free) disk encryption program. The
software creates a virtual encrypted disk within a file and mounts it as
a real disk. You can use it to encrypt an entire hard-disk partition or a
storage device such as a USB flash drive. The process is automatic and
conducted in real time (as data is recorded and without significant
reduction in speed). In theory, a TrueCrypt volume can’t be identified
or distinguished from random data.
It’s impossible to beat the price on TrueCrypt, since it’s offered for free.
However, as an open-source product (meaning that anyone can read and
modify its coding), there’s always the possibility that someone might
succeed in cracking its system or corrupting it. Use the Internet and
user groups to check on the current status of the product. Consult
www.truecrypt.org for more information.
✦ Cryptainer is available in a free basic version called Cryptainer LE and
a more fully featured commercial edition. Cryptainer Mobile edition
encrypts any data on any media including USB flash drives, CD or DVD