Password protecting documents regardless of application

With the “physical” and “financial” end of the year at hand, as well as tax season around the corner, it’s time to create lists and pull together documents that will certainly contain private information. Keeping a shopping list private is one thing, but what about financial information, tax documents and medical receipts? Or going a step further with employee information, HR information, company financial records or the secret location to Al Capone’s vault?

To get prepared, I went on a wild search looking for tools to store documents, encrypt text and lock folders. While I came up with some decent ideas like Safenotes in Roboform, password protected notes in the macOS Notes app, and creating password protected databases in DevonThink, I overlooked the simple solution. And it’s build in to macOS.

Create an encrypted, password protected volume (DMG file) and store the files inside. This can be done using Disk Utility.

Within Disk Utility, select File – New Image – Blank Image
For the Encryption option, select 256-bit AES encryption
Fill in the password that must be entered when the volume is mounted

dmg-encrypt

For the sake of security, do not add the password to your keychain

Once complete, you will have a secure volume that any application can use to store data. And since it’s a file, it can be used on services like Dropbox, Google Drive and iCloud. When the volume is disconnected, it will be synchronized.

For general purposes, a 100MB file should be sufficient. If you’re only storing text like credit card info, social security numbers, etc, something like 10MB would be better. Several hundreds pages worth of plain text will be less than 1MB in size.

The only real downside is that the apps working with the volume need to be closed so it’s not considered in use and can be disconnected. This would be true for apps like Scrivener and DevonThink, etc.

To add to the security, tools like Jettison can be used to automatically disconnect the volume when the machine sleeps.

I actually had this implemented earlier, but it completed slipped my mind. Apparently it’s so seamless, I forgot it was there. But it’s an effective and simple solution.

That's my story and I'm sticking to it.

Author Signature for Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.