Is a stolen PC effectively protected by a password?
August 24, 2010 3:26 PM   Subscribe

Very easy to do for a super-average thief. All they have to do is boot from a live-cd and browse the partitions, unless the drive is encrypted, which is the answer to your second question.

Encryption tools such as TrueCrypt can be used to encrypt your entire drive, and that should make it impossible for a super-average thief to get to your data.
posted by Sonic_Molson at 3:30 PM on August 24, 2010 [3 favorites]

it is very, very easy to pull unecrypted data off of a hard drive, no matter what password protections the PC in question may have.

smart people encrypt. TrueCrypt is a perrenial mefite favorite.
posted by radiosilents at 3:31 PM on August 24, 2010

Smart people and many corporations with staff "in-the-field" use things like TrueCrypt or BitLocker to encrypt their mobile data storage (laptops, USB drives/thumbdrives) in case of loss/theft.
posted by jkaczor at 3:32 PM on August 24, 2010 [1 favorite]

Yeah, the phrase "physical access is root access" comes to mind.
posted by I_am_jesus at 3:52 PM on August 24, 2010

Not very to not at all depending on the skill of the thief. With a live linux distro I can pull files off a windows (unencrypted) hard drive in about 2-3 minutes. nthing TrueCrypt.
posted by i_am_a_Jedi at 3:54 PM on August 24, 2010

Yeah, unless you have full system encryption such as the ones mentioned above, the password protection wil offer you exactly 0% increased security.
posted by Threeway Handshake at 4:02 PM on August 24, 2010

Ditto what everyone says above about encryption, plus I'll add this for background: Some industries have mandatory reporting requirements when a data loss event (like a stolen laptop or lost USB stick) occurs. Financial and medical are two industries in particular, but there are others. Basically, what this means is that if a device is lost that is likely to have contained personally identifiable medical or financial information - say a credit record database or something of that nature - the organization responsible for the data is required to disclose to regulators and the affected persons that the breach occurred.

However, if that organization can demonstrate that full-disk encryption was deployed on the lost/stolen device, they do NOT have to make that kind of potentially embarrassing public disclosure, as it is unlikely that the thief would be able to use the information on the stolen device.
posted by deadmessenger at 4:16 PM on August 24, 2010

What does the boot-time hard drive password do?

(Until recently, that's all my employer required. Now we use PGP full disk encryption.)
posted by smackfu at 4:56 PM on August 24, 2010

What's the difference in security between full-disk encryption and simply encrypting a directory, or a partition? I would think that if you're worried about keeping your data safe from marauding junkies, encrypting the data only would give you that while incurring less of a performance hit.
posted by harkin banks at 6:12 PM on August 24, 2010

The problem with only encrypting a directory: unencrypted temp files and caches, for starters. Applications and OS'es tend to leak and spew data all over the disk, not just in the directory where you "save" your data file.

Full-disk encryption these days is so cheap (both in terms of purchase cost and performance hit) that, for any laptop with exploitable data, there's little reason not to do it.
posted by Dimpy at 6:53 PM on August 24, 2010

What does the boot-time hard drive password do?

There exists software which can remove ATA passwords by somehow reading/writing the reserved firmware area of the HD where the password is stored. I guess they use undocumented low level ATA commands or something, which is a little disconcerting since I would have thought that the whole point of having a reserved area that only the drive firmware can access would be defeated by having commands that can access that area.
posted by Rhomboid at 2:03 AM on August 25, 2010

This thread is closed to new comments.