ISO: a way to password protect a volume or drive

Question

Level 2

305 points

ISO: a way to password protect a volume or drive

Is there any EASY way to password protect a volume or drive either via the OS or by some utility? I'd like to have one drive with my sensitive docs that's password protected that I could carry with me and use on multiple systems. I see various encryption apps that involve elaborate schemes for protecting data. I'm looking for a simple Access/No-Access solution.

Ideally I'd like it so when I boot up or when I plug in my "protected drive" I'd be asked for a password. If I, or whomever is trying to access the drive, declines or puts in the wrong password the volume simply would not mount or better still, mount but be inaccessible until the password is entered.

With so much security built in to OSX seems like there must be a way to do this.

Thanks!

8core 5gb RAM and 2gHz MBP 2gb RAM Mac OS X (10.4.9)

8core 5gb RAM and 2gHz MBP 2gb RAM Mac OS X (10.4.9)

Posted on Jul 7, 2007 1:56 PM

Reply

Answer 1

KJK555

Level 4

2,900 points

Jul 8, 2007 9:11 PM in response to dan wool

The next best alternative is to password protect your file, or to be precise, a folder containing your sensitive documents. You can do this by creating a disk image in disk utility. You can place images on external drives as well. Then simply mount the image and enter password. When you are finished editing simply unmount the image.

1. Open Disk Utility (Applications>Utilities>Disk Utility)
2. Create a new disk image from folder (File>New>Disk image from folder)
3. Select AES-128 from the Encryption pop-up menu in the Save dialog box. Save.

Reply

Answer 2

dan wool Author

Level 2

305 points

Jul 9, 2007 9:33 PM in response to KJK555

Thank you for this, but I'm just looking for a way password protect an entire drive (so I'm the only one who can add, delete or make changes to files). Is there no way to do this? thx

Reply

Answer 3

baltwo

Level 9

62,374 points

Jul 10, 2007 1:33 AM in response to dan wool

You cannot password protect files, folders, or disks with OS X's tools. The encrypted disk image is the only built-in mechanism. If that's not satisfactory, then search these forums for other threads on this same subject. There might be 3rd-party solutions, but you'll have search for them on your own.

Reply

Answer 4

KJK555

Level 4

2,900 points

Jul 10, 2007 9:24 AM in response to dan wool

You can set permissions on the folders, but that is no guarantee that someone will not access them. In fact if it were someone with even a basic knowledge of how unix works it would only take them about 8 seconds or less (the time it takes to open a terminal and login as root) to view your files ( Assuming of course they are on their own machine). Even if they are on your machine they can set the "ignore permissons" setting on external drives and view your materials. Outside of encryption I don't know of any way to secure on an external data drive short of designing your own file system.

Reply

Answer 5

dan wool Author

Level 2

305 points

Sep 14, 2007 5:05 PM in response to KJK555

Exactly my point. All this permissions hooey is built into OSX, but even a simple password request to mount a drive seems to be beyond the OS's capability. Nor does it seem possible to create an app that makes this possible.

I think the idea for all of this came from the fact that I once had a SyQuest drive that had this feature: Insert a cartridge and dialogue popped up where you entered a password. With a correct password the volume mounted, incorrect or decline it did not. Seems like something like this would be very popular among people who preferred to simply carry around a drive with their digital world on it rather than a laptop.

Reply

Answer 6

KJK555

Level 4

2,900 points

Sep 19, 2007 10:54 AM in response to dan wool

Hi dan:
I just stumbled upon a usb memory stick called "IronKey". It requires a password to access it. If you put the wrong password in more than 8 times it self-destructs! (data that is).

Check it out: https://www.ironkey.com/

I gotta have one... The 2 and 4GB versions are already on backorder though.

Reply

Answer 7

Sep 19, 2007 11:36 AM in response to dan wool

You entered your password when you logged in; when you authenticated yourself. Unix has never done a second password; you authenticated yourself at the front door. You can certainly set up the file protections to keep other users out.

As for password-protecting a specific object, that's -- as others have stated -- an add-on. Or you use the built-in FileVault stuff, or external hardware.

There are current-generation drives that have password protection mechanisms or similar authentication -- USB keydisks and hard disks. Or you can use a commodity drive and the built-in FileVault. This akin to what you remember with the SyQuest drive.

Or consider products such as the following:
http://www.pgp.com/products/wholediskencryption/tech_specs.html
http://www.usbgear.com/USB-Encryption.html

Or what some of us do. Unplug the disk containing the data, and lock it up somewhere safe. If a desk drawer isn't sufficient, there are also physical disk enclosures with physical locks available on the market.

Realize that various of these encryption products aren't worth as much as the proverbial warm bucket of spit; various of these products either use colossally weak encryption, or have mis-implemented encryption. It would not surprise me to learn that some even have back-doors.

Reply