By: Stephen M. Marson, Ph.D., ACSW, and Ollie Bishop, MBA
Many software products, such as the Microsoft Office Suite, incorporate password protection into the software. Directions for password protection may be obtained directly from the software’s HELP feature. However, many file types do not have built-in password protection. Fortunately, the Microsoft XP operating system and the Microsoft Vista operating system provide a user-friendly method for password protecting any file. Both operating systems can transmit with a built-in file compression and decompression protocol. The compression program—Compressed (zipped) Folder—will compress one or more files into a zipped folder. The Compressed (zipped) Folder Manager may then be used to password protect the zipped folder. To compress a file and password protect the compressed folder, do the following:
- Select the file you want to compress. If you want to compress more than one file, press and hold the Ctrl Key while selecting files.
- Right mouse click on one of the selected files.
- From the context-sensitive menu, choose Send To – Compressed (zipped) Folder.
- The selected file or files will be compressed and placed in a zipped folder in the same location as the original file. The folder will be assigned the same name as the original file. Compressed (zipped) Folder compresses a copy of the original file. The original file will remain intact and uncompressed.
- Double click the zipped folder with your left mouse button to open the Zipped Folder Manager. On the file menu, select Add a Password.
- In the Add Password Box, type your password. Retype the same password in the Confirm Password Box. Click OK to complete password protection. Close the manager.
- Your Compressed (zipped) Folder is now ready for e-mailing.
- Files may be added to the Compressed (zipped) Folder by the Drag and Drop Method or Copy/Paste. Remember, it is the folder that is protected, not the file or files in the folder. When opening a file within the Compressed Folder, the folder password will be required. If a file is removed from the Compressed Folder, it will not be password protected.
To comply with Standard 1.07m, passwords should not be sent over e-mail. Passwords should be transmitted in a phone conversation. WHY? Two reasons:
- Currently, software exists that identifies and captures e-mail messages that include the word “password.” Thus, if you receive e-mail that includes the word “password,” there is no guarantee that the password is safe to use. Passwords transmitted over the Internet must be changed immediately.
- Internet detectives are available for hire. They are given the identity of a sender and receiver and can capture all transmissions without the knowledge of the sender or receiver. Thus, any effort to password protect or encrypt an attachment is futile and, therefore, a violation of Standard 1.07m.
For example, an Internet detective captured e-mail transmissions between a woman involved in divorce proceedings and her therapist. The transmissions were given to her husband’s lawyer. During the hearing, the lawyer was able to ask, “What were you doing at the Holiday Inn between the hours of 12 and 1 p.m. on March 2?”