Encryption


F

formerprof

My credit card number was recently compromised, probably through an on-line
merchant, although there is no way of knowing. I've suffered no loss and of
course the bank has changed my number. The whole affair has forced me to
think about security much more seriously however.

I maintain Quicken 2005 on my main desktop machine and run it in parallel on
my laptop. The files contain my credit card number. I think they must if
statement downloads are to work properly. If physical access to either of
these machines is obtained by a thief those accounts are compromised; I
wouldn't be surprised to find my social security number somewhere in the
machines also. The laptop is of course more vulnerable to theft or loss.

What to do? How secure is Quicken file encryption? If it's like WORD or
EXCEL there are easily available password crackers which open encrypted
files, sometimes in a matter of minutes.

Good wishes to all. Advice & information will be gratefully received.

formerprof
 
Ad

Advertisements

S

Stubby

formerprof said:
My credit card number was recently compromised, probably through an on-line
merchant, although there is no way of knowing. I've suffered no loss and of
course the bank has changed my number. The whole affair has forced me to
think about security much more seriously however.

I maintain Quicken 2005 on my main desktop machine and run it in parallel on
my laptop. The files contain my credit card number. I think they must if
statement downloads are to work properly. If physical access to either of
these machines is obtained by a thief those accounts are compromised; I
wouldn't be surprised to find my social security number somewhere in the
machines also. The laptop is of course more vulnerable to theft or loss.

What to do? How secure is Quicken file encryption? If it's like WORD or
EXCEL there are easily available password crackers which open encrypted
files, sometimes in a matter of minutes.

Good wishes to all. Advice & information will be gratefully received.

formerprof
Quicken's PIN Vault protects login names and passwords. I've never
heard of it being cracked. Quicken verifies your PINVault (master)
password with every use. Likewise, use of SSL prevents a wiretapper
from snatching your password off the wire. Now, if you leave your
Quicken open with confidential info showing, there's nothing you can
do. You might as well publish it in the newspaper. Likewise, you
trust the banks, credit card companies and mutual fund companies to not
divulge your info. So as usual, it comes down to knowing who you are
dealing with.
 
N

Notan

formerprof said:
My credit card number was recently compromised, probably through an on-line
merchant, although there is no way of knowing. I've suffered no loss and of
course the bank has changed my number. The whole affair has forced me to
think about security much more seriously however.

I maintain Quicken 2005 on my main desktop machine and run it in parallel on
my laptop. The files contain my credit card number. I think they must if
statement downloads are to work properly. If physical access to either of
these machines is obtained by a thief those accounts are compromised; I
wouldn't be surprised to find my social security number somewhere in the
machines also. The laptop is of course more vulnerable to theft or loss.

What to do? How secure is Quicken file encryption? If it's like WORD or
EXCEL there are easily available password crackers which open encrypted
files, sometimes in a matter of minutes.

Good wishes to all. Advice & information will be gratefully received.

formerprof
Semi on/off topic...

Citibank has something they call Virtual Account Numbers (VANs)...

You create a VAN on the fly, which is linked to your real account number.

The VAN has a number of options, one of which is limiting the amount of
money available to that particular VAN.

Your real account number never leaves home.

Notan
 
B

Bob Wang

Citi only stores the last 4 digits of your credit card number in Quicken
2006 Premier H&B, at least, from what I can tell.
Even if a hacker cracked your online ID and password, the web site only
displays the last 4 digits as well.

As Notan pointed out, Citi cards also let you create virtual account
numbers.

All my other credit cards store the full account number in Quicken 2006
Premier H&B.

Bob

My credit card number was recently compromised, probably through an on-line
merchant, although there is no way of knowing. I've suffered no loss and of
course the bank has changed my number. The whole affair has forced me to
think about security much more seriously however.

I maintain Quicken 2005 on my main desktop machine and run it in parallel on
my laptop. The files contain my credit card number. I think they must if
statement downloads are to work properly. If physical access to either of
these machines is obtained by a thief those accounts are compromised; I
wouldn't be surprised to find my social security number somewhere in the
machines also. The laptop is of course more vulnerable to theft or loss.

What to do? How secure is Quicken file encryption? If it's like WORD or
EXCEL there are easily available password crackers which open encrypted
files, sometimes in a matter of minutes.

Good wishes to all. Advice & information will be gratefully received.

formerprof
 
A

Andrew DeFaria

Bob said:
Citi only stores the last 4 digits of your credit card number in
Quicken 2006 Premier H&B, at least, from what I can tell. Even if a
hacker cracked your online ID and password, the web site only displays
the last 4 digits as well.

As Notan pointed out, Citi cards also let you create virtual account
numbers.

All my other credit cards store the full account number in Quicken
2006 Premier H&B.
While Quicken may only *display* the last 4 digits, and likewise perhaps
the site only displays the last 4, if the full number is required for
logging into the site then it follows that Quicken would need to know
the full number in order to connect to the web site.

Personally I hate accounts that do no display the full account number.
Often I'm in front of Quicken and need to call the credit card company.
Invariably they'll ask me for my account number. Usually I just go to
the account details to see it but, as you say, some of them don't.
That's frustrating!

The basic premise that I hold is that real security stops when the thief
can physically get a hold of the machine. Not 100% true but mostly true.
 
Ad

Advertisements

B

BRH

formerprof said:
My credit card number was recently compromised, probably through an on-line
merchant, although there is no way of knowing. I've suffered no loss and of
course the bank has changed my number. The whole affair has forced me to
think about security much more seriously however.

I maintain Quicken 2005 on my main desktop machine and run it in parallel on
my laptop. The files contain my credit card number. I think they must if
statement downloads are to work properly. If physical access to either of
these machines is obtained by a thief those accounts are compromised; I
wouldn't be surprised to find my social security number somewhere in the
machines also. The laptop is of course more vulnerable to theft or loss.

What to do? How secure is Quicken file encryption? If it's like WORD or
EXCEL there are easily available password crackers which open encrypted
files, sometimes in a matter of minutes.

Good wishes to all. Advice & information will be gratefully received.

formerprof
This probably doesn't directly address all of your concerns, but it
might help. First, let me say that I don't download credit card
transactions into Quicken. Therefore, I have no account numbers stored
in Quicken.

In regard to your laptop being stolen, etc. -- I use a program that I
downloaded called Folder Lock. I believe it costs about $30 or so. It
allows me to encrypt any files that I want to on my PC or laptop. I
have all of my Quicken files in that encrypted folder. The folder is
not only encrypted, but it isn't even visible to the casual user.

Of course, it takes a few extra seconds to get into Quicken, since I
need to enter a password into Folder Lock, but I find that's a small
price to pay for a little peace of mind.

Just a thought.
 
A

Antoine Mitchell

My credit card number was recently compromised, probably through an on-line
merchant, although there is no way of knowing.
It could have been compromised in any number of ways. Personally, I think it's safer to
use a reliable online merchant than to give your card to a waiter in a restaurant.
If physical access to either of
these machines is obtained by a thief those accounts are compromised; I
wouldn't be surprised to find my social security number somewhere in the
machines also. The laptop is of course more vulnerable to theft or loss.
Use a good encryption program, and keep your Quicken data file encrypted. If the
computers are compromised, the data will be secured.
What to do? How secure is Quicken file encryption? If it's like WORD or
EXCEL there are easily available password crackers which open encrypted
files, sometimes in a matter of minutes.
Go to www.truecrypt.org and download TrueCrypt. It's free, open source, and extremely
secure. The user guide will give you a good idea about how it's used.

Using TrueCrypt, create an encrypted virtual disk - it's a file on your computer that is
entirely encrypted, but can be mounted as if it was a separate disk drive, with its own
drive letter. Make sure to use a strong passphrase to secure it (see www.diceware.com
for info on strong passphrases). Move your Quicken data files into the secured disk,
along with any other data you would like to remain secure.

To access the data, you "mount" the drive using TrueCrypt, and then open Quicken, which
can then access your data files normally, and save any changes. When you want the data
to be secured, just unmount the drive. If anybody gets access to your system, they won't
be able to access your data in any way unless the drive is mounted.

Truecrypt has an option that will automatically dismount any encrypted volumes when the
screen saver activates or after a specified amount of time.

Basically, if you keep your data secure, it doesn't matter if your computer is
compromised. As long as you have a secure passphrase for the Truecrypt file, there isn't
any way that anybody is going to get at your data.
 
F

formerprof

Many thanks to those who responded. I think that BRH's solution --
independent encryption of the Quicken data fits best for me and certainly
requires the smallest adjustment of the way I like to work. Good wishes to
all.

formerprof
 
A

Andrew DeFaria

formerprof said:
Many thanks to those who responded. I think that BRH's solution --
independent encryption of the Quicken data fits best for me and
certainly requires the smallest adjustment of the way I like to work.
Good wishes to all.

formerprof
You do know that NTFS has Encrypted File System (EFS) built in don't you?
 
N

Notan

formerprof said:
Many thanks to those who responded. I think that BRH's solution --
independent encryption of the Quicken data fits best for me and certainly
requires the smallest adjustment of the way I like to work. Good wishes to
all.

<snip>
A few other *very* easy to use programs are available at http://www.pc-magic.com/.

Have a look at Magic Folders and Encrypted Magic Folders.

Notan
 
Ad

Advertisements

D

DP

Stubby said:
Quicken's PIN Vault protects login names and passwords. I've never heard
of it being cracked. Quicken verifies your PINVault (master) password
with every use. Likewise, use of SSL prevents a wiretapper from snatching
your password off the wire.
The account numbers, though, are not "vaulted," are they?
I think the OP was concerned about the acct numbers themselves being
accessible if the laptop fell into the wrong hands.
 
B

bjn

My credit card number was recently compromised, probably through an on-line
merchant, although there is no way of knowing. I've suffered no loss and of
course the bank has changed my number. The whole affair has forced me to
think about security much more seriously however.

I maintain Quicken 2005 on my main desktop machine and run it in parallel on
my laptop. The files contain my credit card number. I think they must if
statement downloads are to work properly. If physical access to either of
these machines is obtained by a thief those accounts are compromised; I
wouldn't be surprised to find my social security number somewhere in the
machines also. The laptop is of course more vulnerable to theft or loss.

What to do? How secure is Quicken file encryption? If it's like WORD or
EXCEL there are easily available password crackers which open encrypted
files, sometimes in a matter of minutes.

Good wishes to all. Advice & information will be gratefully received.
I haven't read through all the answers to your query yet, but here goes...

Make sure your PCs are secure from trojans, spyware and other malware. Your
credit card may have been lifted by spyware running on your own PC.

Store your Quicken data (and any other critical data) on an encrypted
drive. Don't rely on Windows' built-in encryption and security.
Microsoft takes too many shortcuts in the security realm.

Some security products that may be useful in encrypting your data:

Steganos Security Suite
http://www.steganos.com/?product=sss2006&layout=web2005&language=en

I use Steganos Safe
http://www.steganos.com/?layout=web2005&content=products_safe&language=en



Open source disk encrypter (runs on Windows and Linux)
http://www.truecrypt.org/
 
B

bjn

A few other *very* easy to use programs are available at http://www.pc-magic.com/.

Have a look at Magic Folders and Encrypted Magic Folders.


Make sure you look for 256-bit AES encryption capability. That level of
encryption is high enough that, even if your laptop is stolen, your data
will be reasonable safe. If you are not comfortable with the level of
protection that 256-bit AES provides, then the data should not be on a
laptop.
 
B

bjn

The basic premise that I hold is that real security stops when the thief
can physically get a hold of the machine. Not 100% true but mostly true.
Well, how "true" that is depends upon what level of security you need.

For example, 256-bit AES encryption is used by the US Government for Top
Secret messages, yet those messages do not always remain in the physical
possession of the US Gov.

True, nothing is ever 100% secure (even if you retain physical security of
your PC) but your assertion is a bit exaggerated.

Since the free, open-source TrueCrypt product (mentioned earlier by me and
someone else) has 256-bit AES encryption ability, there's really little
reason not to use that level of encryption.

btw, Apple's OS-X uses 128-bit AES for its built-in file and drive
encryption.

One thing about Windows NTFS encryption - only the exact user account that
created the files can access them. If you delete your user account, and
recreate the account with the exactly same username, you will not be able
to see your encrypted files because your new account was not the exact
account that created them. Think about this when you think about wipe and
restore of hard disks.....
 
A

Andrew DeFaria

bjn said:
Well, how "true" that is depends upon what level of security you need.
By and large and for all intents and purposes here for a simply home
user with Quicken - it's true.
For example, 256-bit AES encryption is used by the US Government for
Top Secret messages, yet those messages do not always remain in the
physical possession of the US Gov.
This is not the NSA, we're not talking spies here ya know.
True, nothing is ever 100% secure (even if you retain physical
security of your PC) but your assertion is a bit exaggerated. Exactly
Since the free, open-source TrueCrypt product (mentioned earlier by me
and someone else) has 256-bit AES encryption ability, there's really
little reason not to use that level of encryption.
Actually there's really little reason to use it considering the chances
of it being needed. Then again I've always found it extremely difficult
to reason with paranoid people because if there's one tiny iota of a
chance they will constantly argue without. It's like trying to explain
to advid lottery players that they odds are really slim....
btw, Apple's OS-X uses 128-bit AES for its built-in file and drive
encryption. Whop T Do!
One thing about Windows NTFS encryption - only the exact user account
that created the files can access them. If you delete your user
account, and recreate the account with the exactly same username, you
will not be able to see your encrypted files because your new account
was not the exact account that created them. That's why you back things up.
Think about this when you think about wipe and restore of hard disks.....
Quite frankly, I don't think in terms of wiping and restoring hard disks...
 
Ad

Advertisements

B

bjn

By and large and for all intents and purposes here for a simply home
user with Quicken - it's true.
Too many disclaimers in that sentence for it to be of any use.
This is not the NSA, we're not talking spies here ya know.
Correct, we were not taling about spies, we were talking about computer
security. I was merely illustrating how your comment was an exaggeration.
Since you agreed with me that you exaggerated, ....

So we agree that you exaggerated.

Actually there's really little reason to use it considering the chances
of it being needed. Then again I've always found it extremely difficult
to reason with paranoid people because if there's one tiny iota of a
chance they will constantly argue without. It's like trying to explain
to advid lottery players that they odds are really slim....
Security is always a balance of how much do you need vs. how much trouble
you have to go through to obtain it. Some of the security products are
surprisingly easy to set up and use, and do not get in the way of your
routines.

Your attempt to divert the discussion to paranoia merely illustrates how
little you know about the topic.

Whop T Do!
It was just a little side commentary. It's a shame your ego seems to get
in the way of your message all the time.
That's why you back things up.
Backups may not help in this area. Unless, of course, you back up
unencrypted copies. That, then, opens up another possible security hole.

Quite frankly, I don't think in terms of wiping and restoring hard disks...

That's ashame. Even Microsoft is telling Windows users that the only way
to eliminate some spyware is to erase and reformat the disk. Do you really
think you should take such a lackadaisical approach to others' data?
 
R

RWEmerson

formerprof said:
What to do? How secure is Quicken file encryption? If it's like WORD or
EXCEL there are easily available password crackers which open encrypted
files, sometimes in a matter of minutes.
I'd like to echo another post in this thread that recommends TrueCrypt.
For a variety of reasons related to my travel, both domestically and
internationally, I recently (in March) began running Quicken 2006 from
my laptop, always out of a TrueCrypt-encrypted disk. It works
excellently for my needs and in real time.
 
D

DP

Is there some way that TrueCrypt is better than the standard Microsoft
Encrypted File System? I have not experimented with either.
I don't have an answer to that, but isn't it true that Microsoft file
encryption is available with XP Pro but not with XP home? If so, that would
make a difference to some users. MS may not even be an option for them.
 
Ad

Advertisements

S

Stubby

RWEmerson said:
I'd like to echo another post in this thread that recommends TrueCrypt.
For a variety of reasons related to my travel, both domestically and
internationally, I recently (in March) began running Quicken 2006 from
my laptop, always out of a TrueCrypt-encrypted disk. It works
excellently for my needs and in real time.
Is there some way that TrueCrypt is better than the standard Microsoft
Encrypted File System? I have not experimented with either.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Encryption? 2
encryption? 1
Encryption - unable encrypt the data at the required level 1
2003 Encryption 0
Encryption Type 1
Encryption Level 2
Encryption error 1
quicken's encryption 9

Top