UNIVERSITY OF MAURITIUS CENTRE FOR INFORMATION TECHNOLOGY AND SYSTEMS Procedure for: Preventing unauthorized access to your documents using: - Password when saving documents - WinRAR Archiving - MEO Encryption Software October 2013 1 PURPOSE The main objective of this user guide is to explain how to prevent unauthorized access to the content of your documents using password protection and data encryption. Two utility software, namely WinRAR and MEO, will be introduced. These can be used for encrypting your document before sending the document over the Internet/email. The use of these software is recommended. Note: If you are not familiar with the WinRAR and MEO software, it is highly recommended to try them before using them. CITS/UoM assumes no liability for any loss, damage, destruction, alteration, disclosure, or misuse of these software or in case of password lost or forgotten. Please note that due to very strong encryption, lost passwords cannot be recovered. 2 Table of Contents Page 1.0 Instructions to password protect a document ….………………………… …… 4 2.0 Introduction to WinRAR ………………………………………………………. 6 2.1 Compressing files with WinRAR ………………………………………………. 6 2.2 Extracting files from an archive ………………………………………………… 9 3.0 Introduction to MEO Encryption software …………………………………… 11 3.1 Installing MEO ………………………………………………………………… 11 3.2 Encrypting files with MEO …………………………………………………… 11 3.3 Decrypting files with MEO ……………………………………………………… 14 3 Password Protection 1.0 Choosing a Strong Password The three methods of document protection described in this document rely on passwords protection, it is therefore recommended to use strong passwords. Strong passwords: - Have both upper and lower case letters. - Have digits and/or punctuation characters as well as letters. - Are easy to remember, so they do not have to be written down. - Are eight or more characters long. - Can be typed quickly, so someone else cannot look over your shoulder and learn it. You may also try using phrases for strong passwords, for example: - rsKf0myH&1W2sYU = Raindrops keep falling on my head and I want to steal your umbrella. - wru2rxy? – Who are you to ask why. - bWiIso3! – Beware the ides of March! - 4pRtelai@3 – not a dictionary word, has both cases of alpha, plus numeric, and punctuation characters Note: these particular strings are no longer strong passwords, because they have been published. A strong password is not: - Personal information such as your name, phone number, social security number, birth date or address. Even names of acquaintances and the like should not be used. - Any word in the dictionary, or based closely on such a word (such as a word spelled backwards). - A word with letters simply replaced by digits. For example, bl0wfish is not a strong password. - Easy to spot while you’re typing them in. Passwords like 12345, qwerty (i.e., all keys right next to each other), or nnnnnn should be avoided. 4 1.1 Instruction to password protect a document Click on File > Save as > Tools > General Options then enter Password to open file and save document. You are recommended to use strong passwords for your documents. An additional level of protection can be used to prevent unauthorized access to your document by using WinRAR or MEO Encryption Software in conjunction to the document password. The procedure is provided in the following sections. 5 Using WinRAR for file compression and extraction 2.0 Introduction WinRAR is a data compression utility software that can be used for compressing and archiving files into two popular formats, namely ZIP and RAR. It can also be used for extracting files from the archives. WinRAR is useful when multiple documents need to be securely sent or received over the Internet. The files can be compressed to a single file and the latter can be password protected. This file can then be securely sent by e-mail. The receiver will need the password to extract and open files from the compressed file. Normally WinRAR is already installed in most PCs. Contact CITS Helpdesk if it is not yet installed. The following instructions will guide you to compress (archive) files and how to extract files from archives. 2.1 Compressing files with WinRAR 1. Start WinRAR as follows: Click on “Start”. Next click on WinRAR If WinRAR is not found in the Start menu then: Type “winrar” in the “Start Search” box and press “Enter”. WinRAR will open. Close the small box being displayed (regarding license). 2. To create an archive, click on the “Add” icon. 3. WinRAR will open a new window with different setting and configuration options. 6 In the Archive Name box, type the name for your archive including the extension “.rar” or “.zip”. Leave the other options unchanged. 4. Select the file(s) you want to archive as follows: Click on the “Files” tab at the top. Under “Files to add”, click on “Append”. In the box appearing, go to the location (folder) where the files are stored. Click on the first file. If there are more files to select, press and hold down the ”Ctrl” key, then click on the other files simultaneously. 7 When you have finished click on “Ok”. 5. Click the “Advanced” tab in the same window at the top. Click on “Set Password”. Enter a password if you would like your archive to be password protected. It is recommended to enter a password if the document is confidential and need to be sent over the Internet (e-mail). Remember that the file and the password must not be sent through the same media for e.g. You may send the file via email and the password via SMS. The password must be strong enough (at least 8 characters long and include alphabetic, numeric and special characters). Note: You must always remember the password; if you forget it you will not be able to unzip the archive. 6. Click “Ok”. WinRAR will compress the selected files to the archive file. 8 2.2 Extracting files with WinRAR 1. Go to the location of the archive file you want to extract from. Double click on the file. The extracted files will appear on your screen. 2. To save the files, click on the “Extract to” tab on the top of your screen. A new window will appear. Select a destination where to save the extracted files (will be created if it does not exist) 3. Click “OK” WinRAR will now extract the files from the archive and save them to the destination path. 9 Using MEO for encrypting and decrypting files 3.0 Introduction MEO is a free and easy to use software for encrypting files of any type before sending them via e-mail. Encryption will prevent unauthorized viewers from having access to your confidential documents. The software can also be used for decrypting files that have been encrypted. The instructions below will guide you how to install and use the MEO software. 3.1 Installing MEO 1. The MEO software can be downloaded from the following location: http://www.nchsoftware.com/encrypt/index.html Click on “Download Now”. 2. To install MEO, double-click on the downloaded file. 3. Click “Accept” to accept the license terms. 4. You will be asked if you want to install other “Related Programs and Extras”. As they won’t be required for running the encryption software uncheck them (where there is a tick in the check box click it, the tick will disappear). 5. Click “Finish” and the MEO software will be installed. 3.2 Encrypting files with MEO 1. To start MEO, double-click on the MEO icon on your desktop. 2. Click on “Encrypt Files”. 10 3. Click on “Add File(s)”. 4. Next select the file(s) you want to encrypt: If there is only one file just locate it and click on that file. For multiple files press and hold down the “Ctrl” key, then click on each file simultaneously. When finished selecting all files click on “Open” 5. The files you selected are now listed on the screen appearing. Check if correct then click on “Next”. 11 6. Select the location where you want to save the encrypted file: Click in the “Output filename” box. Enter a filename. For security reasons use a generic name (e.g. “abcd”). Next you need to select the “Crypto algorithm”. Choose the “Slow, but crypto strong (3-DES)” option. Click “Next”. 7. Next you will have to enter a password for the file. Enter a strong password (recommended: at least 6 characters including alphabetic, numeric and special characters). Note: You must always remember the password; if you forget it you will not be able to decrypt the encrypted file. 12 Click “Finish” once the password has been confirmed. The file has been encrypted and saved as “filename.meo”. 3.3 Decrypting files with MEO Before sending the encrypted file, ensure that it will open properly. To do so you have to decrypt it and open the file(s). Proceed as follows: 1. Go to the location of the encrypted file and double click on it. Or start MEO, click on “decrypt file”, locate the file and click “Open”. 2. Enter the password used to encrypt the file(s): 13 3. You will then be asked to specify the folder where the decrypted file(s) will be saved. If you want to save in a new folder click the “Make new Folder” tab. Enter the new folder’s name and click “OK”. The decrypted file(s) will be saved in that folder. Once you have checked that the decrypted files open properly, the encrypted MEO file can now be sent by e-mail to the intended person. DO NOT send the encrypted file’s password in the same e-mail. Send it via SMS or by other means. 14