Most secure way to save files long term for extra privacy?

Discussion in 'macOS Mojave (10.14)' started by Turnpike, May 19, 2019.

  1. Turnpike macrumors 6502

    Turnpike

    Joined:
    Oct 2, 2011
    Location:
    New York City!
    #1
    I do some work in a very competitive field (security/investment related research) and have been saving photo, video, and text research files in what I consider a super "secure" place, on a designated Macbook with a log in password that I do not use to go online with. I'll admit I have a limited understanding encryption and overall security, but after reading how much effort the feds went through to catch the Silk Road guy with his laptop open, I figure that if I have a password on my Mac, it's more than enough for me when working around even the most untrustworthy co-workers in different research centers.


    From what I understand, even if someone takes my laptop, the most they can do is erase it and have a laptop, not the content on it (and that content is my main/only concern).

    But as my research files grow in number, I don't want to go spend big $ on another laptop just because it has more memory. If I use an external SSD to put OSX on, and set up my "computer" and files on the external SSD, are my files as secure as if they were on a laptop with a password? Or are the contents more vulnerable when on an external drive like that?

    I don't have any state secrets to protect, but my collection of work is becoming more valuable, and it's not uncommon for the people I work with (more like compete with) to spend $2500 at a computer shop trying to get into a fired or otherwise ex employee's old research files, or recover stuff from their old flash drives.

    Any suggestions how I could keep about 250GB-1TB or more worth of data super secure over a long term, I'd appreciate it. I don't want to put it online and don't need to access the internet on the device I keep it on. I use the laptop more for writing and saving the papers on and saving the research stories, video, and articles in files and folders as I come across it for later review. If my best bet is just to buy another Macbook with a large hard drive, then that's what I'll do, I just wanted to check if there was an external drive solution that was as secure.

    Thanks!
     
  2. Wando64 macrumors 6502a

    Wando64

    Joined:
    Jul 11, 2013
    #2
    Your data is secured only if your drive is encrypted with FileVault.
    This is true with either internal or external drives.
     
  3. Turnpike thread starter macrumors 6502

    Turnpike

    Joined:
    Oct 2, 2011
    Location:
    New York City!
    #3

    Thanks! I went and read up on just what FileVault is. So setting up a "computer" on an external 1TB HD, if I have FileVault enabled, the info on that HD is super secure then? As secure as can be?
     
  4. mikzn macrumors 65816

    mikzn

    Joined:
    Sep 2, 2013
    Location:
    Vancouver
    #4
    I wonder if you could create a disk image with disk utilities and then password protect the disk image on the external drive?
     
  5. gwang73 macrumors 6502a

    gwang73

    Joined:
    Jun 14, 2009
    Location:
    San Francisco Area
    #5
    Just get one of these external hard drives and store your files on it. No need to have a separate computer.
    https://www.apricorn.com/aegis-padlock-usb3
     
  6. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #6
  7. Honza1 macrumors 6502

    Joined:
    Nov 30, 2013
    Location:
    US
    #7
    Keep in mind, that there are two "security" meanings you should consider:
    1. secure as "no one else can read it". e.g., nosy co-worker and worse...
    2. secure as "I cannot loose it". e.g., mistake, theft, flood, hardware failure, fire, ... name your favorite here, plenty options.

    Usually, FileVault is perfect for case 1.
    If you want to make sure you are safe for case 2 (not clear from your text), you need multiple copies, stored at multiple locations.

    Good choice: Two (or more) external disks, from different companies and of different type (so they are unlikely to fail at the same time) with FileVault each (ideally, different passwords), located at sufficiently different locations. Routinely updated and error checked. Oh yes, I think spinners (rotating magnetic hard drives) are proven for longer life. Not sure if SSD is the best choice for this purpose, for now.

    Two encrypted Time Machine disks, at different locations, work also reasonably well...

    Yes, requires significant maintenance.
     
  8. Wando64 macrumors 6502a

    Wando64

    Joined:
    Jul 11, 2013
    #8
    It seems fairly clear to me that the OP is concerned with other people being able to access his data.
    The solution to this problem is enabling FileVault on the internal storage AND on any additional external storage.

    I am not sure what the OP means when he suggests he could "setting up a "computer" on an external 1TB HD".
    If I understood correctly, you are in need of extra storage. In which case just plug in an external disk, enable FileVault on it, then you can start using it as your extra storage either by saving new data to it or by moving your existing data to it.

    Obviously in regard to making a safety backup of your data, you will also need another external disk, at least as big as the sum of your other disks, and then: 1) enable FileVault on it and 2) Use it as the destination disk for Time Machine backups.
     
  9. SalisburySam macrumors member

    SalisburySam

    Joined:
    May 19, 2019
    Location:
    Salisbury, North Carolina
    #9
    Agree with other suggestions. I use an external disk drive and a separate Time Machine backup external drive. For things I don’t want to lose, I use a 2TB external SSD. I copy the files I want to it, then put it in our bank’s safe deposit box. I update about quarterly. It has things on it like household inventories, electronic versions of tax returns and backup documents, and the like. All are encrypted, and passwords kept up to date with the lawyer.

    Bit of an admin overhead, but works well for me.
     
  10. LuisN, May 24, 2019
    Last edited: May 24, 2019

    LuisN macrumors regular

    Joined:
    Mar 30, 2013
    Location:
    Torres Vedras, Portugal
    #10
    Create an encrypted disk image with disk utility with the desired size and set a secure password. Mount the image each time you want to add data and then unmount the disk image. It works even with external and networked disks

    Captura de ecrã 2019-05-24, às 16.43.24.png Captura de ecrã 2019-05-24, às 16.43.24.png
     
  11. zorinlynx macrumors 603

    zorinlynx

    Joined:
    May 31, 2007
    Location:
    Florida, USA
    #11
    This is what I would do, even on my Mac that already has FileVault enabled.

    Use a SparseBundle, these can be backed up more efficiently with time machine.

    By unmounting it when you're not accessing the files, you reduce the possibility of malware getting access to those files. It's up to the user to decide whether to save the password for the disk image in Keychain or not.

    Hell, you can even store Sparsebundles in iCloud Drive, and it works fairly well. As with all important data, you should always make sure you have an additional backup and not just depend on the cloud though.
     

Share This Page

10 May 19, 2019