Friday, December 2, 2016
8 Best Practices and Insights to Get the Most out of Boxcryptor
Just like people, software is not an island, isolated from all other programs (sorry Simon and Garfunkel, we still don’t buy that…). There is interference, interaction and intersection, for example with other security software, or when you use several programs together, such as Boxcryptor and MS Word. The following collection of best practices for our most frequent support requests will help you understand our software better and get the best out of Boxcryptor in every situation. We are happy to receive feedback and suggestions on our social media channels. But first, have fun with our best practices.
1. Using an Outdated Boxcryptor Version Can Cause Problems
Using an outdated Boxcryptor version can cause problems, for example when our update is a reaction to a change at your cloud provider or in a third-party app. If there are changes in Microsoft Word, for example, we have to react with an update, because some operations might not work anymore in the older Boxcryptor version.
In previous Boxcryptor versions, the notification about an available update appeared in a bubble in the right corner of your desktop. Since many users seem to overlook this, we decided to change our procedure.
From now on, you will be notified about any updates by a window in the middle of your desktop.
Make sure to always update to the newest version right away. Please do not uncheck “Automatically check for Updates” in the settings, so we can assist you in keeping everything up and running. You can always download the latest Boxcryptor version on our website.
2. Be Careful with Case Sensitive Boxcryptor Credentials
To avoid problems when signing in, we recommend using an all lower case email address. Of course, this does not apply to passwords. For security reasons, we cannot and do not tell you whether your username or password is wrong when there is a problem with your sign-in credentials.
Every now and then users contact our support agents – understandably freaking out – because they cannot access their data anymore. In many, many cases they cannot sign in, just because they entered the wrong username due to a mix-up of upper case and lower case letters. To avoid this problem and the horrible feeling of fear of data loss, use an email address in lower case.
Now you might wonder why our sign-in is case sensitive, since this is not really common. The reason for that is, again, security. When you sign in, your password is never sent to us. Instead, the client calculates a hash that is sent to our servers for authentication. To make the hash even more secure, the email address is included in the calculation as well. This is why the email address has to be entered exactly the same way it was entered when you first signed in to Boxcryptor. This is also why your life will be a lot easier when you sign in with an all lower case email address.
If you get the notification “Username or password incorrect”, you should check your emails. Every time a sign-in fails, we provide you with more information there, for example, if you mixed up upper and lower case characters in your email address.
Also: This email address has to be legit, because you have to confirm your account via email.
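A minimal sketch of the sign-in scheme described above, added here as an illustration and not Boxcryptor's own code. PBKDF2-HMAC-SHA256 with the email as salt, the iteration count and all function names are assumptions; the page only states that a hash including the email address is sent instead of the password. It shows why a case mix-up in the email produces the same generic error as a wrong password.

```python
import hashlib
import hmac

ITERATIONS = 200_000  # assumed work factor for this example


def client_auth_hash(email_as_typed: str, password: str) -> bytes:
    """Client side: derive the value sent instead of the password.

    The email, exactly as typed, is the salt, so its letter case
    changes the result (assumed construction, PBKDF2-HMAC-SHA256).
    """
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        email_as_typed.encode("utf-8"), ITERATIONS)


def server_record(auth_hash: bytes) -> bytes:
    """Server side: store only a digest of the received hash."""
    return hashlib.sha256(auth_hash).digest()


def server_verify(stored: bytes, received: bytes) -> str:
    """Compare in constant time and answer with one generic message."""
    ok = hmac.compare_digest(stored, hashlib.sha256(received).digest())
    return "Signed in" if ok else "Username or password incorrect"


def demo() -> dict:
    # Constructed sample account, not real credentials.
    password = "correct horse battery staple"
    stored = server_record(client_auth_hash("petra@example.com", password))
    attempts = {
        "same case": ("petra@example.com", password),
        "upper-case P": ("Petra@example.com", password),
        "wrong password": ("petra@example.com", "Tr0ub4dor&3"),
    }
    return {label: server_verify(stored, client_auth_hash(e, p))
            for label, (e, p) in attempts.items()}


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:15} -> {result}")
```

From the hash alone, the verifier in this sketch cannot tell a case mix-up from a wrong password, which is why both attempts fail with the identical message.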
3. Avoid and Resolve Connection Problems Due to Security Software or Proxies
When there is a problem with the connection due to installed security software, you have to add Boxcryptor as an exception. The reason for that is that Boxcryptor only accepts a connection when it is absolutely untampered with. This way, so-called man-in-the-middle attacks, where somebody tries to intercept the connection between the client and our server, become impossible.
Security software that conflicts with Boxcryptor tries to check if the connection is secure. Boxcryptor, however, notices something snooping around in the connection and cancels the process for security reasons. The simple solution for that: Add Boxcryptor as an exception because it is a trustworthy connection. With the following security software, this extra step is necessary:
- FortiGate / fortinet.com
- Blue Coat Systems
- AVG AntiVirus
- Microsoft Endpoint Protection (SCEP)
When you are using Boxcryptor in your company you could get a similar problem with the proxy: You have to whitelist the address https://api.boxcryptor.com
4. How to Save Files out of Third Party Programs such as Word
Most of you probably figured it out on your own, but still, I want to explain where you can save your documents to, if you want them to be securely encrypted with Boxcryptor. You have to store them in your Boxcryptor drive, which has the letter X if you did not rename it.
Saving files to this location is not possible. Why? It is a virtual drive, which means that it does not really exist and does not have any storage space. It can be seen as a placeholder.
If you store single files directly in here out of third party apps, they will be stored in unencrypted mode. So please do not save files to this location out of third party apps if you want them to be encrypted.
Best practice is to save files to any encrypted folder inside the Dropbox folder in your Boxcryptor (X:) drive. It will be encrypted instantly and automatically.
5. How the Sharing Process Works – Best practices of encrypting and sharing a folder
Since Boxcryptor is an encryption tool that is added on top of your cloud provider, there are always two steps necessary when sharing a file. We add the encryption, therefore the right to access the file has to be shared via Boxcryptor. Right click on a file, hover over Boxcryptor → go to manage permissions.
However, the data needs to be shared “physically” as well. The simplest way is to share it via your cloud. Encrypt a folder, share its permission in Boxcryptor and share the folder in Dropbox. Only then can the people you shared the folder with access the encrypted data.
Imagine you want to encrypt the shared folder “Team Data” that contains a lot of data. We recommend that you do not just right click and encrypt. Why? It is going to take an extremely long time to encrypt and synchronize all the data in the folder. While the data is being synchronized, sharing permissions is not recommended. Encrypting a folder that has already been shared in your cloud would not be such a good idea either. Everyone you shared the folder with would see a notification by your cloud provider saying that “Team Data” had been deleted. This makes sense, because the unencrypted data will be deleted and replaced by the encrypted data. However, it could cause some panic among people who do not know what is going on.
This is the best practice for sharing a folder:
- Create a new, encrypted, empty folder in the Boxcryptor drive (name it “Team Data_secure”, for example)
- Set permissions in Boxcryptor (which will only take a couple of seconds)
- Copy the data from “Team Data” into the new “Team Data_secure” folder
- Share the folder via your cloud provider while the data is syncing and notify everyone to work with the _secure folder from now on
This workflow saves a lot of time and helps avoid syncing problems and panic attacks. However, this is only necessary for top level folders that are shared but not encrypted yet. You do not have to do that with folders within already shared and encrypted folders in “Team Data”. You just have to encrypt and set the permissions once for every top level folder. The subfolders will follow the same pattern. If you plan on sharing team folders, please make sure to read and follow the next tip as well.
5.1 Pro-tip for Business Users and Company Admins: Use Groups
When you set permissions for a file, the header of the encrypted file has to be changed slightly. If you change permissions in a folder, every single file in that folder has to be changed and, therefore, synchronized by the cloud provider.
However, if you set up groups, you can add and delete users from this group within seconds. Changing groups happens on our servers and therefore is really fast. Since the permissions in the files do not change, synchronization is not necessary.
6. Filename Encryption for Shared Folders
Please turn it off. Not all filename encryption, but the filename encryption of the top level folders you want to share. You can keep it in the subfolders and for your single files. But encrypting the name of a folder you are about to share is a very problematic workflow. Put yourself in the shoes of the person you share the folder with. Imagine you share two folders. How should the person on the receiving end know what is what? All they will get is something like this:
John Smith just shared the folders 該文件是加密的如此肯定 and 這僅僅是加密的因此安全 with you.
You do not want that, especially if you have to share many folders with many people. And it does get worse. When filename encryption of the top level folder is activated and the permissions are being changed, for technical reasons it can happen that the filename encryption changes, too. Dropbox only changes filenames locally, therefore, if the person who shared the folder changes something, the others will not be able to read the folder name anymore. We had some serious cases of severe confusion due to shared folders with encrypted filenames.
7. How to Share an Encrypted File via USB Drive or an External Hard Drive
However, you can also give the encrypted file to somebody via USB drive, or send it via email. And here is the correct workflow:
Imagine I want to share something with my friend Petra via USB drive, email, or an external hard drive. Petra can’t just copy the encrypted Boxcryptor file to her Boxcryptor drive. We do not allow that because the file would be encrypted twice, which is not such a good idea. Instead, Petra can just plug in the USB device. Boxcryptor will auto-detect the device and add it to the Boxcryptor drive. Petra can open the files there.
As an alternative, she can add the encrypted file to an existing location, for example her Dropbox; not to her Dropbox folder in her virtual Boxcryptor drive, but to the original Dropbox folder (C:\Users\<UserName>\DropBox).
8. How to get Boxcryptor with all Your Files on a New System
Easy. Just install Boxcryptor and your cloud provider on your new machine. Add the cloud provider as a location – if Boxcryptor did not already do that automatically – and all your files are available, because they are still in the cloud, still encrypted, still there.
Do not copy all your encrypted files from your cloud folder on the old machine, save them on an external drive, and then try to paste them into your Boxcryptor drive on the new machine. We do not allow that because it would break your files. And most importantly, it is just not necessary.
These workflows hopefully gave you a deeper insight into how Boxcryptor works and how you can get the most out of the software. Let us know what you think on Twitter or Facebook. We love to hear your feedback.