News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

AskWoody Plus Newsletter Logo
ISSUE 18.20.F • 2021-05-31

In this issue

LANGALIST: Securing sensitive files in OneDrive’s cloud

Additional articles in the PLUS issue

PUBLIC DEFENDER: Don’t click those pop-ups that say you’ve been infected!

MICROSOFT: How to control the security of your Microsoft Account

LINUX: Good choices for your Windows-to-Linux transition

PATCH WATCH: A quiet month of May

ADVERTISEMENT

RoboForm

AskWoody Plus Newsletter Subscribers Exclusive for Memorial Day: Get 60% off a new RoboForm Everywhere subscription with
this link (exp. 6/15/21).

RoboForm is an award-winning password manager, password generator, online form filler, and secure repository where you can safely store sensitive information like credit cards and billing data. Best of all, with RoboForm, you have access to your passwords and saved data on all your devices.

Say goodbye to writing down passwords on scraps of paper or in a password book, and say hello to
RoboForm.


LANGALIST

Securing sensitive files in OneDrive’s cloud

Fred Langa

By Fred Langa

Does it feel like rolling the security dice when you save your files to a cloud-based service? When the files move out of your control and protection and into who-knows-what security measures the cloud-provider is using? You feelin’ lucky?

It doesn’t have to be a gamble. Here’s how to take charge of your cloud-based file security to make your remote files snoop-proof and effectively just as safe as those on your local PC.

Plus: No, ProduKey isn’t malware, despite what your security app says!

How to make files safe in OneDrive — or in any cloud!

AskWoody’s recent OneDrive coverage from Lance Whitney, Susan Bradley, and me (see article list at end of this text) has unleashed a torrent of email from subscribers struggling with various aspects of OneDrive’s poorly documented features and operations.

Questions about OneDrive’s security are a common theme. For example, see this note from AskWoody subscriber Jimmy Dominguez:

◼ “Hi Fred! Could you provide us with your thoughts on the security of OneDrive? My main concern is putting my password app database on OneDrive. It’s KeePass.”

That’s a great topic, Jimmy, and for much more than just password databases! You probably have many other private, sensitive files, too — financial records, tax information, health data, etc. — that you don’t want to fall into the hands of cloud-based snoops.

The good news is that all major cloud-service vendors are extremely serious about the security of your data while it’s in their care — the success of their cloud business depends on users’ being able to trust the service!

But your specific question was about OneDrive. Microsoft describes OneDrive’s extensive security measures on the support page, How OneDrive safeguards your data in the cloud.

While that’s all good — and truly, OneDrive’s built-in security is good — it cannot be perfect. No human-built system ever is. Worse, it puts you (and your files) into a passive, subordinate position, totally dependent on someone else to correctly spec, implement, and maintain essential security for your cloud-based files.

There’s a better way — easy steps you can take to ensure your data remains safe, no matter where it resides.

Let’s start with Jimmy’s password manager as the working example. It will lead us to a more general discussion of how to secure any type of cloud-based files.

First of all, yes, the KeePass password database is safe to sync to the cloud because, like all the major password-keepers I’m aware of, KeePass encrypts its database.

Today’s high-quality file encryption is the very best way to add nearly impregnable security to any file, regardless of where it will be stored — in the cloud, on your PC, on a flash drive, in an email attachment, whatever. Without the correct decryption passphrase or password, the file contents will be safe and totally inaccessible.

A good password manager will also never transmit its data unencrypted, “in the clear.” As you saw on the above-referenced Microsoft support page, OneDrive’s cloud-based components automatically enforce the use of encrypted HTTPS connections anyway — so odds are no one will be able to snoop your data while it’s in transit.

HTTPS adds good baseline security, but you can significantly enhance your online privacy by also using a VPN (virtual private network), which adds another, independent layer of encryption on top of HTTPS and can also disguise your physical location.

Many password-keeper apps also allow use of two-factor authentication when you first sign in, to verify that you’re really you and not some snoop trying to break in. KeePass can use two-factor authentication, although it’s a bit kludgy. See Tutorial — Using KeePass With Two-Factor Authentication.

And, if you employ OneDrive’s Always leave on this device setting, as recommended in OneDrive’s impermanent local copies (AskWoody Plus 2021-05-24), your working copy of the encrypted KeePass database will be kept local with a separate and still-encrypted copy tucked away in the Microsoft-protected cloud, synced there via encrypted HTTPS/VPN transmission. I’d say that’s very, very safe!

OK, that’s KeePass. But you can employ the same concepts to achieve similarly safe transmission and storage of all your sensitive cloud-stored files — financial records, tax information, health data, etc.

The bedrock concepts are to employ file- or folder-level encryption on the files/folders that will sync to the cloud; to use only encrypted communication (e.g., HTTPS and/or a VPN); and, if available, to use two-factor authentication when first signing in to your cloud-based apps and services.

Encryption can be easy and virtually automatic. For example, the MS Office apps offer optional, built-in, high-quality, 256-bit AES encryption (Microsoft calls it password protection; see Protect a document with a password.) Just save your Office files this way, using a good, un-guessable password, and your files will be effectively un-snoopable by anyone, anywhere.

If you use apps without built-in encryption, you can instead use a simple external file- and folder-level encryption app such as 7-Zip (open source/free; site). 7-Zip can encrypt virtually any file or folder.

Note: Whole-disk encryption does not work this way. Systems such as BitLocker encrypt files only while they’re physically present on the local hard drive; the files lose their encryption when they’re exported from a BitLocker-encrypted disk. To secure files in the cloud, you need a file- and folder-level encryption tool such as 7-Zip; not a whole-disk encryption tool like BitLocker.

As for communicating with the cloud, make sure your cloud provider enforces use of HTTPS connections. I strongly suggest that you use a reputable VPN.

Choosing a VPN can feel random because there are a million services available, free and paid, as this example Google VPN search shows. I’m not a VPN expert by any means, but to give you at least a known-acceptable starting place, my consumer-level experience with ExpressVPN has been positive. It’s  been fast and reliable for me from multiple locations, and it allows one VPN subscription to cover all my and my wife’s digital devices — PC, Android, Linux, Chromebook, Mac, and iOS. It has a good reputation for security and comes with a 30-day, money-back guarantee. But, again, this is only my personal, anecdotal experience; there may be other VPNs out there that better suit your needs and preferences. Search away!

Bottom line: OneDrive is reliable and reasonably safe on its own. Add in file- and folder-level encryption, secure communication via HTTPS and VPN, and maybe multi-factor authentication, and your cloud-based files will be about as safe and secure as humanly possible!

Related info:

More OneDrive coverage in recent issues:

Is ProduKey malware?

In Win7 to Win10 activation trouble (AskWoody Plus 2021-05-24), I mentioned ProduKey as a free example app that can dig out the product keys for Windows and other apps installed on your PC.

But some readers, including Bob Petruzzelli, encountered a snag:

◼ “Fred: Just to let you know I was reading your article this morning and tried to download the ProduKey app.

“Windows Defender was adamant that it was a virus and wouldn’t let me download it. I created a dummy .zip file and added it to the Windows Defender exclusions in my download folder. Then I could download it. But then when I unzipped it the .exe file was instantly deleted by Windows Defender, whoosh…. So I made a dummy file for that in the Windows Defender exclusions.

“”Then I could finally run the file and get my Product Key.”

Thanks, Bob. ProduKey isn’t a virus, of course, but many browsers and security apps see that it’s trying to get at product keys, and they incorrectly assume that something evil must be happening.

But yes, with Windows Security (formerly “Windows Defender”), you’ll usually have to click through several layers of warnings before the file safely arrives on your disk, and several more to get it to run.

It’s confusing and a bit of a pain the first time you encounter this kind of adamant blockage by Windows Security, but the support information at Add an exclusion to Windows Security can help you get the file to run.

Alternatively, there are many other product key-finder apps out there (examples). Feel free to experiment until you find one that works the way you — and your anti-malware app! — want it to.

Send your questions and topic suggestions to Fred at fred@askwoody.com.
Other comments? Feedback on this article is always welcome in the AskWoody Lounge!

Fred Langa has been writing about tech — and, specifically, about personal computing — for as long as there have been PCs. And he is one of the founding members of the original Windows Secrets newsletter. Check out Langa.com for all of Fred’s current projects.

Stories in this week’s PAID AskWoody Plus Newsletter
Become an ASKWOODY PLUS member today!

PUBLIC DEFENDER

Brian Livingston

Don’t click those pop-ups that say you’ve been infected!

By Brian Livingston

These frightening warnings are invariably “bad ads” that use advertising networks to insert these pop-ups into websites and phone networks. Their goal is to get you to click a link and download malware, whether it’s a fake “antivirus program,” a malicious “virtual private network,” or some other backdoor into your personal life.

MICROSOFT

Lance Whitney

How to control the security of your Microsoft Account

By Lance Whitney

A Microsoft account grants you access to Microsoft 365, OneDrive, Skype, and other key Microsoft apps and services.
A hacker who gains access to your credentials or to any of your Windows devices could view sensitive information and even spoof your identity.

LINUX

Sandra Henry-Stocker

Good choices for your Windows-to-Linux transition

By Sandra Henry-Stocker

Ubuntu, Linux Mint, and Manjaro are some of the most popular Linux distributions and have a considerable user base, along with a very active support community. In fact, TechMint ranked Manjaro, Linux Mint and Ubuntu as the second, third, and fourth most popular Linux distributions of 2021, respectively.

PATCH WATCH

Susan Bradley

A quiet month of May

By Susan Bradley

The big release of this month is not the security patches released earlier but rather the May appearance of Windows 10 version 21H1. The 21H1 release is a bit anticlimactic; it doesn’t contain many changes. 21H1 even shares the same “base” as 2004 and 20H2.

You’re welcome to share! Do you know someone who would benefit from the information in this newsletter? Feel free to forward it to them. And encourage them to subscribe via our online signup form — it’s completely free!


RoboForm box

Like what you see in the
AskWoody FREE newsletter?

Become a PLUS member!

As a Plus member, you’ll receive the full newsletter, including all our great content about Windows, Microsoft, Office, 365, PCs, MS-DEFCON Alert notifications, useful and safe freeware, and Susan Bradley’s sought-after patch advice. Plus membership also allows continuous access to the complete archive of nearly two decades of Windows Secrets and AskWoody Newsletters.

Naturally, Plus members have all the benefits of free membership, including access to the popular AskWoody forums.

The cost? We’re supported by donations — choose any amount for a one-year membership. Every little bit helps.

 Join AskWoody PLUS Today!


Publisher: AskWoody Tech LLC (sb@askwoody.com); editor: Will Fastie (editor@askwoody.com).

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners.

Your subscription:


Copyright © 2021 AskWoody Tech LLC, All rights reserved.