Protection of Money Data and Passwords RRS feed

  • Question

  • Please bear with me, I am trying to understand money data protection for files and backups. There are some assumptions I am making
    so please be kind. This also relates to the Sunset upgrade.

    It has been said many times that it is best to remove the windows live id from the sign in screen in money, but is this not in fact also the password protection for all files and backups? If this is true, then all backups and closed files will need the windows live id to open them. If all of this is true, then I suggest a procedure such as this, and I really need some expert advice on where I have gone wrong.

    1. After signing into your money account, change from windows live id to a simple password that you trust.
    2. Immediately close money and then sign back in to insure that your password works.
    3. While still signed into money immediately make a backup that is protected with the new password. note the date/time to know    which is most recent.
    4. To insure that your backups are solid, for a period of time change your backup schedule to every other day and save the 3 to 5
       most current backups.
    5. Remember that if you archive money data, that is protected also. I do not know if it can be re-archived or not.

    Please keep in mind that I am not an expert and my thinking maybe flawed. I am hoping that someone that someone smarter that me can refine/correct my thinking on this and make it better and/or safer.

    Saturday, December 25, 2010 9:29 AM

All replies

  • I think you are on the right track here. Some comments:

    1) More people have reported losing access to their data because they forgot their password than have ever reported that their data was comprimised because they didn't use a password. Perhaps people don't report the latter. Perhaps you prefer risking losing access to your data over risking comprimise.

    2) Making extra backups immediately after changing password scheme does not protect against your needing data from a prior backup--say you accidentally deleted something the week before you changed your password scheme.

    3) Occasionally test your backups to be sure they really are.

    4) Having lots of backups is good. Having them on different media types and in different physical locations is better.

    5) An "Archive" is simply a Money data file with all of the data in it that Money is about to delete from your ongoing file. If you archive from an archive the next archive will be the same as the archive you just archived. If that makes sense. Personally I don't think archiving makes any sense at all. But you are correct--if the password to the Archive breaks (Money WLID support goes away, you forget it, whatever) the Archive is just so much digital rubbish.

    Saturday, December 25, 2010 3:00 PM
  • We don't know how secure the  Money conventional password system is. If you can find a cracker (AKA "password recovery") , the protection is only from the less determined or able.

    For strong protection, you can keep your *.mny and  *.mbf files in an encrypted container, such as available with TrueCrypt. If you do that, you get a virtual hard drive that you must "mount" with a pass phrase before opening Money. I do that on my laptop. I keep a copy of the container file on a USB drive on my keyring. I also copy that to my desktop computer occationally.

    If you forget your passphrase, you will lose your data.


    Saturday, December 25, 2010 3:42 PM
  • I want to thank you for such a quick response. Merry Christmas by the way. My intention was to insure that this was a good scheme to follow and that my thinking was sound as far as the protection goes. I have seen in a lot of places where it is suggested to remove the windows live id but no caution as to what will happen the next time you try to open a file.

    Mr. Watson, in response to your valuable suggestions, what I did not include was that I would delete all prior backups once I had at least 3 current backups just to be safe. My fault for forgetting that. I also totally agree about the archive, I can remember at least times where being able to go back 2 or more years in my transactions has helped me in dealing with someone who says I never paid them.

    Mr. Learner, I can say that I have never heard of TrueCrypt before, but after looking at it on their site, I was just really impressed with what it can do. I do not have or need a laptop at this point in my life, but if I did, this would be on it.

    Thanks again for your great input, I wish I had half of your expertise.

    Sunday, December 26, 2010 1:00 AM