Take-Home Points (Know These)
- Patient data should NEVER be sent over the internet (e-mail or uploaded to IU's Slashtmp) without being properly encrypted.
- Passwords should NEVER be sent by the same means as the data or hyperlink to the data. Easy answer: NEVER send passwords over e-mail.
- You should NEVER use a single word as a password. For patient data, the simplest way to create a secure password is with four random words.
The Simple Steps (for the impatient)
- Use 7-Zip to compress your data into an archive
- Encrypt the archive with a password made from four random words. Avoid common phrases like "once upon a time."
- Send the encrypted file over e-mail or using IU's Slashtmp without the password.
- Tell the recipient the password over the phone or by SMS (Do NOT send passwords over e-mail)
Creating a Secure Password
A single-word password, even with numbers in the front or back, can be cracked by simple, freely available tools within a matter of seconds. The trick to making passwords secure is to choose a password from a larger number of possibilities. A traditional way to do this is to include upper case letters, lower case letters, punctuation, and numbers within your password; however, such passwords are hard to remember, often hard to communicate, and may not be secure if they are too short.
On the other hand, you can create a very strong password by combining four random words. Unlike the 26 letters in the alphabet, there are well over 500,000 unique English words. You should avoid common phrases (like "once upon a time" or "bill tierney is cool"); rather, select four random and unrelated words. For example: "shoe oven moon bird" or "hand clock fire window."
As long as you don't send your password over e-mail (e-mail is NOT secure), then your data will be properly encrypted.
There are plenty of conference calls during which you can tell someone the password. You can also SMS the password. If you cannot afford to SMS (e.g., from a Kenya cell phone to the U.S.), then e-mail the person you're sending the data to and ask them to SMS four random words to your cell phone and use those as the password when compressing the data to be sent.
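One way to pick the four random words described above, as an added example that is not part of the original page: it draws the words with Python's `secrets` module and reports the resulting strength in bits. The word list `SAMPLE_WORDS` and the function names are constructed for illustration; a real list should contain thousands of words.

```python
import math
import secrets

# Constructed sample list for illustration only. With just 32 words each
# word adds only 5 bits, so use a list with thousands of words in practice.
SAMPLE_WORDS = (
    "shoe oven moon bird hand clock fire window river candle tiger pencil "
    "blanket anchor copper violin meadow ladder pepper garden saddle helmet "
    "marble tunnel basket falcon button harbor lantern walnut pillow thunder"
).split()


def entropy_bits(list_size, count):
    """Bits of entropy when `count` words are drawn uniformly and
    independently from a list of `list_size` distinct words."""
    return count * math.log2(list_size)


def make_passphrase(words, count=4):
    """Return (passphrase, entropy in bits) using the OS CSPRNG.

    The entropy figure only holds because every word is equally likely;
    a phrase a person thinks up ("once upon a time") does not qualify.
    """
    unique = sorted({w.strip().lower() for w in words if w.strip()})
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    chosen = [secrets.choice(unique) for _ in range(count)]
    return " ".join(chosen), entropy_bits(len(unique), count)


if __name__ == "__main__":
    phrase, bits = make_passphrase(SAMPLE_WORDS)
    print(f"{phrase}  ({bits:.0f} bits from this {len(SAMPLE_WORDS)}-word sample)")
    # Using the page's figure of 500,000 English words:
    print(f"one word:   {entropy_bits(500_000, 1):.1f} bits")
    print(f"four words: {entropy_bits(500_000, 4):.1f} bits")
```
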
Creating a Secure Archive
- Right-click on the file(s) to be compressed and choose "Add to archive..." from the 7-Zip context menu.
- Within the "Add to Archive" dialog window that appears, you must define a password. Check the box before "Show Password" and enter a four-word passphrase into the password field.
Don't have 7-Zip yet?
Download and install the latest version of 7-Zip from http://www.7-zip.org/. 7-Zip is a free file compression program that can apply strong encryption to protect data from being seen by a third party.