Security and data recovery

You may be aware that there have been many cases recently of websites being hacked and user account details being compromised (recently Yahoo, Dropbox, TalkTalk, etc.). You can check if your email account details have been "pwned" here:

https://haveibeenpwned.com/

Your online security depends on keeping your PC virus-free, using secure passwords, and making sure your old equipment does not hold recoverable information when you dispose of it.

Passwords

We are told for security to use long (more than 8 characters) passwords that include capitals, numbers and symbols; not to use a single word that could be in online dictionaries; not to use the same password on different sites; and not to write them down. Most 8 letter passwords could be cracked in a few seconds.

Here are some examples of OK and poor passwords:

Weak: Ih8Dave (Too short and password crackers know about text speak!)

Poor: Jim@15/08/1971 (Your name and DoB are all in the public domain)

Good: 6%tools%CATTLE$$ - combines numbers, symbols, upper & lower case - 16 characters.
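
Added example (not part of the original page): a small Python audit that applies the rules above to the three sample passwords. The finding names, the `personal` parameter and the date pattern are assumptions made for this illustration. It shows that a raw length-and-character-set estimate rates the "Poor" password highly, which is why the date and personal-detail checks matter.

```python
import math
import re
import string

# Dates such as 15/08/1971 or 15-08-71: a date of birth is public information.
DATE_RE = re.compile(r"\d{1,2}[/.-]\d{1,2}[/.-](?:\d{4}|\d{2})")
MIN_LENGTH = 9  # the page asks for "more than 8 characters"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def keyspace_bits(password):
    """Naive upper bound on guessing effort: length * log2(alphabet size)."""
    alphabet = sum(len(cls) for cls in CLASSES
                   if any(c in cls for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def audit(password, personal=()):
    """Return the rules a password breaks; an empty list means none."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    if not all(any(c in cls for c in password) for cls in CLASSES):
        findings.append("missing character class")
    if DATE_RE.search(password):
        findings.append("contains a date")
    lowered = password.lower()
    # 'personal' holds details an attacker could look up (name, pet, town).
    if any(item and item.lower() in lowered for item in personal):
        findings.append("contains personal detail")
    return findings


if __name__ == "__main__":
    # The three sample passwords from the list above.
    samples = [("Ih8Dave", ()),
               ("Jim@15/08/1971", ("Jim",)),
               ("6%tools%CATTLE$$", ())]
    for pw, known in samples:
        problems = audit(pw, known) or ["no rule broken"]
        print(f"{pw:18} {keyspace_bits(pw):5.1f} bits  {', '.join(problems)}")
```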

Unfortunately different sites have different requirements for passwords. Some allow spaces, many don't, some force the use of digits and upper case, or will not allow more than 8 characters. So a common strategy which would help you remember them needs to be flexible.

Also, of course, if you FORGET such a password it's a major problem! So one way or another you need to keep a secure record of your password for each site.

Keep a secure record of important passwords

Password managers: There are password managers - indeed some are free. I don't choose to use these because I don't feel "in control". If the password manager software fails I'd lose my passwords for important sites. Also if I need to access sites from another PC, I cannot access my passwords.

Store important passwords on a secure document: This is my chosen approach. I open a document in WORD or (better still) OPEN OFFICE / LIBRE OFFICE and list my passwords and log in details like this:

Barclays Bank username billybob password Bi11yBob£IsME

When my list is complete I save the document. But not yet - here is the trick. You need to ENCRYPT the file with a password. It's easy.

In WORD: Click the "Office" Button (top left of the window) and choose "Info" or "Prepare" depending on your version. Choose "Encrypt document" and add a SECURE, MEMORABLE password. It's the only one you will need to remember. Save as a WORD document.

In OPEN OFFICE or LIBRE OFFICE: It's even easier. "Save as" and tick "save with password". Save as an ODF text document (.odt). Again, use a SECURE, MEMORABLE password.

Now you can keep copies anywhere you like - even give them away - because without that password they cannot be read. Keep a copy on your Google Drive and you can access it anywhere - and Open Office runs on Android as well as PC.

An example file passworded "billybob" had its password cracked in about 30min on an average PC - so pick a good secure memorable password!

You can check the level of your password security here - but MAKE SURE the site address is correct before you enter a password.

https://howsecureismypassword.net/

 

For "unimportant" log-ins - forums etc - I use a common password that I can easily remember and type. A simple way to do this is to follow a pattern on the QWERTY keyboard - such as Xde4%tgh.


Data recovery

Sooner or later you learn the value of backing up your data - onto CD, DVD, memory stick, or the cloud (Dropbox, Google Drive etc). However when your PC breaks down it's too late. Music, videos, downloads, etc are replaceable, but your photographs and documents may not be. Depending on the nature of the fault and the value of the data we can often recover at least some of your files from a faulty or failing hard drive. Early intervention is always best - if you suspect you have a problem please contact us.

For "mission critical" data, or if it's a serious fault, you would need to use a specialist (=expensive) service. As an example a client was recently quoted £850 +VAT for data recovery from a hard drive; and another client £650 +VAT for recovering data from a 4G USB drive.

Secure Disposal

The only parts of a PC (or laptop) that maintain a record of your data are the hard drive(s), and (if present) any installed memory cards or connected flash drives. All other information "evaporates" within a few seconds of the PC being turned off. There are several strategies for ensuring that secure data cannot be recovered from your hard drive, depending on whether or not the system is still working, whether it is to be sold on, and whether on-site (i.e. supervised) destruction is required.


For working systems which will continue in use:

The quickest, simplest and easiest procedure is to delete only the file or folder of data. However just clicking "delete" only moves your file to the recycle bin. Emptying the recycle bin will hide the data from the average user; however it's often still easily recoverable. Secure deletion requires the use of additional software (such as Microsoft's SDelete) to ensure the file is not recoverable. Skillbank can offer this as an on-site service.

For working systems which will be re-purposed: (Windows can be reinstalled if required)

  • Format the drive - quick but not secure.
  • Use secure deletion software to overwrite ALL the drive - secure but VERY slow - up to 24 hours. However this process does not require attendance.

For non-working systems:

Remove the hard drive, install it in or connect it to a working system, and use secure deletion software to overwrite ALL the drive. Even if the drive will be destroyed mechanically it's best to do this first.

Mechanical processes: These rely on total destruction of the drive.

Sledgehammer: drive enclosures are very robust, this isn't recommended.

Open the drive case, remove the media, and score with a scriber, drill holes, or scarify with emery paper. Data cannot then be recovered except with equipment only available to security services.

Destroy disk with specialist equipment (shredder) - there are mobile services that do this. 100% secure.

Flash Memory

This should be securely deleted as described above. The important thing is to make sure that undeleted flash memory does not escape from your control.

Flash memory is NOT reliable, and secure deletion by overwriting will often render it unusable, so mechanical destruction is probably the best option.
