Category Archives: Security

Email Encryption – Part 2



Email encryption is rapidly becoming more of a necessity than a whim. With governments constantly scanning virtually everything you do or say, even the simplest, most innocent email can sometimes lead to problems for the sender or receiver. What is the easiest way to encrypt an email? I described on fairly simple way in this post, and this time, I’ll tell you about something that might even be simpler.

Microsoft Word includes the option to encrypt any document that you create. Here’s the menu where you choose to encrypt your document and lock it with a password:

The Menu for Word Encryption and Password
Choose 'Encrypt Document'

Once you have chosen to ‘Encrypt Document’, this is the menu that pops up:

The Password Entry Menu
This is where you type a strong password.

Make sure you do two things when you get to this point. First, make sure you create a strong password. Don’t use a word or a phrase, make sure it’s either mnemonic (sounds like something you would remember) or long. Always use both letters (caps and small), numbers as well as symbols. A 10-14 digit length is adequate.

Second, make sure you write it down somewhere AND encrypt that, too. If you lose the password, you’re out of luck as far as retrieving your document. Word doesn’t save your password somewhere, it just encrypts the file and encrypts the password too.

Is this a safe way to encrypt something? Well, unless you are a spy, this is about as good as it gets. As long as you choose a password that is at least 10 digits long AND use both upper and lower case letters, numbers and symbols, you’re safe.

OK, so this part is done. Just attach the encrypted document to your email and send it off. But, you ask, how do you send the password? Well, you can send several innocent emails with clues in them which would lead the recipient to the password or you could do that in person, on the phone or via SMS text messages. Whatever you do, make sure that you take as much care with transmitting the password as you do with encrypting the Word document.

If you use Notepad++, you can install the SecurePad plugin to encrypt and lock the whole document or parts of it with a password. Notepad++ is free and tiny to install. This seems like a good, free alternative, specially if your recipient doesn’t use Word.

Sending encrypted documents isn’t illegal…yet. Personally, I don’t like the idea of nameless government/police types reading what I write to my friends. Not only that, a lost laptop opens everything up to a thief (unless you’ve encrypted your whole hard drive), including all of your saved messages. For individuals concerned with privacy, encryption isn’t a luxury, it’s a necessity.

Thanks for reading! Feel free to comment or make suggestions.



Security – Strong Passwords



The biggest part of online and computer security is figuring out a strong password. Today’s post will be short, to the point and, I hope, fun. Here we go:

1. WordPress passwords are already quite secure, I mean the default ones. They are made up of letters (caps and small), numbers and symbols. When it comes times to add a new user, here’s a neat trick that I use with the help of Google Translate. I type in a phrase that is easy for me to remember, then I translate it into a foreign language. That foreign language has to use the same letters and symbols as English, Chinese doesn’t work, but if you choose something like Creole, this system will work well.

Example: I hate chickens translates in Creole to: M ‘rayi poul

That example is far too short to be really secure but I’m sure you know what I mean. The best part of this is that some of the symbols are already there. French uses different accents with some letters which would be very difficult to crack.

2. Mnemonic passwords are always fun, too. You can make up your own or try this website: Mnemonic Password Generator It will create a password for you which should be easy to remember with the use of sounds and the use of words for the five symbols in the generator.

3. Simply using 3 instead of e or 5 instead of f will create a strong password. Add to that some symbols, maybe enclosing everything in (brackets) works well, too. Typing symbols instead of your year of birth is another suggestion. !(%@ is 1952, right? Mix things up a bit and use things you know as well as mnemonics and you’ll be secure in everything you do online.

4. Passwords for online banking, email and blogs should be very secure. Keeping track of them on your computer doesn’t have to be as secure but you still want to prevent anyone from accessing them, just in case your computer is stolen. Using Locknote, as described in my last two posts is easy and fast. Send the Locknote to yourself in an email and keep a copy in your Dropbox.

5. Finally, change your passwords every few months. If you feel that something strange is happening in Facebook or your email account, change your password immediately. Don’t wait! If you’ve clicked on something and don’t feel comfortable about it, change your password immediately. Getting your account back after you’ve been locked out is time consuming and, frankly, embarrassing.

Thanks for reading! Follow me on Twitter: @_BrianMahoney



Email Encryption



This is my second security related post. In searching for an easy way to encrypt email messages, I discovered that every technique was far to difficult to gain wide acceptance. How many of us use anything but web-based email anyway? POP3/IMAP email is what your ISP offers you when you sign up for your Internet access and, to my mind anyway, it’s a thing of the past. When you change ISPs, do you really want to change your email too? With web-based email (think Hotmail or Gmail), your email address is permanent, more or less.

Besides the problem with changing ISPs and having to change your email address, POP3/IMAP systems require you to download your email to your computer in order to read it. If there is a virus or malware in your email, it’s pretty obvious that it’s on your computer now, too. With web-based email you would have to download an attachment or click on a link in order to get burned by malware or a virus. Sure, it can still be done but the email isn’t on your computer. It’s on your email company’s servers and those are usually protected by reasonably robust virus scanners.

Given all the above information, what is the easiest way to encrypt your email? Well, my best bet would be Locknote by Steganos. As described in my last post : Security and Encryption , Locknote is a free, self-contained encryption container, program and message all in one unit.  Every other method required the use of a fully installed program, keys and confusion. Locknote is as simple as the proverbial pie. Here’s how you use it to encrypt your email:

1. Download and unzip Locknote.

2. In the Locknote folder, copy the locknote.exe file and put it on your desktop. Leave the original locknote.exe in the original folder.

3. Double-click the .exe file and you’ll see this:

locknote opening message
This is all you get, a simple, self-contained app.

4. The text that you see is a description of what Locknote is. Highlight and delete that text and write your own note here. Sure, it looks like hell but it’s just an email message, nothing fancy anyway. When you are finished, close Locknote using the red X up on the top right. This is what you will see next:

Enter your password
Before you can save the note, enter a STRONG password

5. This is where you are in control of your own destiny as far as sending encrypted email. A strong password is made up of three things: letters, numbers AND symbols. Don’t use a phrase or a name, use a series of numbers, letters and symbols. Symbols are !@#$*&^%, things like that. Use more then eight, fourteen is a good number here. Once you have settled on a password, and there are lots of ways to remember a good one, type it into the space and then enter it again in the second space that pops up next. Click OK.

6. At this point your Locknote.exe file is encrypted. No one can open it without the password that you just entered. Even you can’t open it if you have forgotten your password. Locknote uses ‘AES 256bit encryption’ and it’s secure, believe me. You can open the file, change the text and close it. Locknote will use the same password each time you close the program after asking you if you want to save the changes. The note can be changed 100 times but the password will stay the same UNLESS you decide to change the password. (File, Change Password)

7. Once your ’email’ note is written, you have to do one of two things in order to email it to someone. Actually, three things because you have to somehow get the Locknote password to that other person. You can use a separate email, a text SMS message or a telephone call. Think of something creative but DON’T put the password in the same email as your Locknote attachment.

Here are the two things you can do. Choose one, whatever is simplest for  you and your recipient:

1. Since you can’t send an ‘.exe’ file in an email. Here is what you’ll see:

Hotmail refuses to send an .exe file
For obvious reasons you can't send an .exe file in an email.

In order to get around this, you’ll have to change the file type from ‘.exe’ to ‘.txt’. Right-click the file and choose rename. Move the cursor to the far right, backspace three spaces (to the period) and type txt. Then hit enter and you’re done. Now you have locknote.txt on your desktop. If you try to open this file, Notepad will open it, no problem, but it will show as gibberish.

Open Hotmail or Gmail and attach the file ‘locknote.txt’ to it. In the body of your message, tell the recipient to download the file and then change the last three letters to ‘.exe’ instead of .txt. At that point, Locknote will work again. Your friend just has to double-click it, enter the password and read your message. To reply, all they have to do it delete your text or add to it and reverse the process.

2. The other way to send Locknote through your web-based email is to make a zip file. Right click, choose ‘add to zip’, choose a name and that’s it. Send it off as an attachment and have the person on the other end unzip it. Fairly easy but I prefer the first option.

If all of this seems too technical or too difficult, then you have to trust that no one else will read your email. If you really want to keep your email private, this is by far the easiest way. If any part of this is confusing, comment or ask me on Twitter.

Thanks for reading! Follow me on Twitter: @_BrianMahoney



Security and Encryption



It seem that every day we hear about people spying and snooping into other people’s email and personal information. I thought it was time to start a series that would help you keep your stuff safe from prying eyes.

If you do have something to hide, you already know how to keep snoops out. For the rest of us, the next few posts will deal with security, basically how to lock your emails and files up so no one can get at them.

Steganos, a fairly well known online security company, has created a free tool, Locknote,  that encrypts text. It’s deceptively simple, very small and does not install itself on your computer. Locknote is both the container and the text file at the same time, the term self-opening works here.  There is no special hardware or program needed to make it work. Locknote is almost too simple for words. Here’s how you make it work:

1. The download link is here: Locknote  At the time of writing, the link led to Sourceforge.net . This might change but, don’t worry,  you’ll be able to find it.

2. The download is a zip file. Unzip it and copy the folder that is created to your desktop or to your Dropbox folder.

3. Inside the folder is an .exe file and the source code for Locknote. All you need is the .exe file. The source file is for developers.  You can move the .exe file onto your desktop and delete the rest of the folder.

4. Double click the locknote.exe file. This is what pops up:

the locknote window
This is all you see when you start Locknote.

5. Don’t get confused here. This is all you get. What you are seeing is the program and the password locked note, all in one. Type something. You’ll see that I typed a few letters at the bottom. Close the program by clicking the red X on the top right. (Duh, right?)

6. Locknote will ask you if you want to save it. If you say yes, it will prompt you for a password. Once you put in the password, DON’T FORGET IT! If you do, you’ll be locked out of Locknote. Sure, you can simply download it again but the point here is that if you lose the password later on, all of your important or personal stuff will be lost. You’ll be locked out!

7. You have to look at Locknote as a self-contained encrypted container, program and file, all in one. You can carry it around with you on a flash drive, store it online  or send it to yourself in an email.

 To send Locknote in an email :  Put it into a zip file or rename the locknote.exe to something like locknote.txt. Most email programs will not allow you to send an executable file as an attachment. Change the .exe at the end to .txt then change it back to .exe when the other person gets it. Ignore the warnings from Windows, it works.

Changing the file type does two things:  First, it makes the program fit to be emailed and, second, it adds another layer of security to your personal information. If you rename it to adcsn.txt, who will know what that file is? Only you. You can bury it inside of Windows, in another folder; pretty much anywhere you want. As long as you remember the password, all you have to do is change the last three letters (the ones after the period) to exe. You don’t even have to name it Locknote.exe since ‘note.exe’ will work just fine.  Beauty, right?

 What will you put in your locknote file? Just about anything you want. File size is unlimited. It can only be text, of course, but you can put in dates, passwords, personal information, stories, love letters, anything you want. If you have someone that you want to email on a regular basis, or if you want to send someone a bit of personal information, use locknote. Change the last three letters and send the result as an attachment. Have the person rename the file at the other end and use the password to open it. Locknote uses 256 bit encryption. You can rest assured that no one will be able to access your files, even if they do fall into the wrong hands.

TIP: Locknote can be in several places at the same time. You can use one file for passwords, one for banking information, whatever you want to keep hidden. You can use the same password for each one or different passwords, just keep them organized so you know which pw opens which Locknote.

TIP:  Locknote is only as secure as your password. For goodness sakes, don’t use your normal password here. Make up a good one, fourteen or more digits, letters (upper and lower case mixed), symbols, etc. Don’t even think about using a real word or anything about you or your life. Make it obscure and write it somewhere else as if it was something else. Send it to yourself in an email or use some kind of mnemonics to remember it. If you lose it, no one can help. If it’s strong enough, no one can get into your files. Cool huh?

TIP: You can copy the Locknote file and paste it anywhere on your computer. You can have the same file in ten different places although, of course, once you change one version the rest won’t be synced with it.

That’s the first post on security. Keep coming back and I’ll have more. I’ll help you keep your personal information and email out of the hands of anyone who’s snooping around where they shouldn’t.

Thanks for reading! Follow me on Twitter: @_BrianMahoney