The Neat Company Forums

Would anyone else want to be able to password protect and/or be able to encrypt the stored data?

I believe this would be helpful since many receipts still have credit card numbers listed in full.  I think this would also be helpful so that other co-workers cannot review spending accounts.

YES!!!! I have plans to put a lot of sensitive information in.  One thing that I noticed that was lacking was the ability to password protect the program.  I don't want anyone just reading my bank statements/bills/health information. Is this an option in the 3.0 version?  I am at 2.7.5 because my computer doesn't meet the new qualifications for upgrade. 

 

 

Hi Kristina,
Thank you for the feedback.  Version 3.0 does not have a Password option.  However, I will submit your request.

 

Thanks,
Jenn 

That is a must have feature. The best way to back up data is to keep it somewhere online and I do not think it is wise to put an unencrypted document database online.

 Lack of encryption seriously restricted the usefulness of the system.

If you want your data files encrypted, many versions of Windows come standard with the Encrypted File System -- all that's required is to set the attribute for the files you wish to be encrypted and only those logged in via the account used to do the encryption will be able to read the files (actually, an EFS Recovery agent can decrypt them as well -- check the docs).  Once done, I believe that you would have to make sure that any applications or services which use the file run under the user account which was used to do the encryption.

 When you talk about storing data backups online, I presume that you are talking about uploading the data to some form of personal storage facility on the web.  To do that you could encrypt the file in Windows before uploading it.

 Not as seamless as integrated encryption in the application but not terribly difficult either.

  - Les

YUK! This reply looks pretty ugly...none of the line breaks show up that were in the original text of the reply!! To NR staff: If you do include encryption, it's important to not only include password protection, but use an industry recognized encryption algorithm, such as AES 256-bit encryption. Personally I recommend using a whole disk encryption program (forget having to enter passwords for individual applications) because your data is likely also in a paging file or in other temp files as well -- and can be recovered with disk utilities should your laptop or computer be stolen. Encrypting the entire drive solves that issue. Or, go the hardware route (Seagate's FDE drive is the only one I'm aware of -- it has an on-board processor that performs the encryption/decryption -- works with newer computers only that have the TPM installed). For local backups, I use a product that encrypts the files with AES256 as well (I use Norton Ghost 12). This keeps a full disk image available for restore, and daily incremental backups run very quickly. Go ahead and do the NeatReceipts scheduled backups as well, just put them on your local drive, and let Ghost take them to the external drive along with everything else. For online backups, use a service that compresses your data, then encrypts it with AES256 before shipping it over the Internet to their backup server. If possible, find a provider that has intelligent client software that copies only the changed blocks of the file -- so that it doesn't have to resend the entire file every day. (The NeatReceipts backup grows as you add receipts, and absent of an incremental backup, this file simply grows every day -- unfriendly for your online backup service because the entire file must be sent -- it's a totally new name, and complete backup every day). Only the high-end (pricey) services use AES256 for encryption, and they also usually escrow your encryption key for you (I'd rather keep my encryption key private from my backup provider). A cheaper service from carbonite.com recently made a change that enables you to keep your own encryption key locally, but they won't divulge the type of encryption -- I don't like not knowing the type of encryption as it doesn't provide the assurance I'm looking for to ensure adequate protection of the data. If you share your computer, I think you are out of luck, because the main NR database resides in a DB accessible to all users, and not in your own personal documents and settings folder. But if you share your computer, you have a lot of other things at risk as well and the other users would need to be limited users without administrator privileges to keep them out of your files. Even if the NR file were encrypted, you run the chance of having a keylogger trojan running that the shared users could utilize to determine your password. All that said...there's no perfect solution.

---

--
Joe

Hi Kristina,

Have you received any feedback on this important security issue?

 I too would like to provide password protection for my database information.

Regards

Neat Geek 

I have not heard anything except the replies to this forum.  I was pretty disappointed in the security of the software.   At the very least it would be nice to have a password that you have to enter before opening the program.  I don't necessarily want aunt sally to be able to sit down at my computer and look at my health file or see that I spent $200 dollars on my last meal out (I wish!). So for now I'm not using this program for docs.  I have to decide if I want to ebay the scanner as I can't seem to get it to work with other programs nicely.