I, like many folks, have a USB flash drive that I carry around (I call it “my chip’). Last week it went missing.
I have a backup of the chip, so it was easy to copy stuff onto a new chip. The troubling thing is all the stuff that I found on that backup copy.
I use TrueCrypt to create an encrypted partition on the chip. It has a very strong password (16 random upper, lower, digits and symbols) attached to AES encryption — the best available to civilians. On the protected parition, I placed the usual complement of passwords and account numbers. Nothing to worry about.
But for convenience, I temporarily stored other stuff. Not “high security” exactly, but nonetheless not for publication. I had business documents, documents from organizations I volunteer for, software utilities and stuff to remember. I also had a configuration file for an FTP utility which had embedded in it (although encrypted somehow) passwords to certain web sites.
The problem was that I could not look some people in the eye and tell them that I had responsibly handled their data.
The good news is that I eventually found the chip in a pants pocket destined for the laundry. And the better news is that my chip now has nothing unencrypted that I don’t mind sharing.
I think it’s a good exercise for everyone to pretend they’ve lost their chip from time to time.