Loss of computer - how much does the password protect?

Thread starter: Guest

In case of loss/theft of a computer, to what extent does the password (the
one when you start the pc and the one when you log onto xp) protect the data?
i.e. how difficult is it for someone who does not have the password to access
the data on the harddisk?
 
Neither is secure if your PC is in the hands of a knowledgeable person. The
Windows XP password can be cleared in a matter of a minute or 2 at most, the
BIOS (boot) password can be cleared just as easily.
 
inquirer tablet pc said:
In case of loss/theft of a computer, to what extent does the password
(the one when you start the pc and the one when you log onto xp)
protect the data? i.e. how difficult is it for someone who does not
have the password to access the data on the harddisk?

In addition to the other reply - this is when you want to look into EFS
(encrypted file system). Be careful, though - it really works. Don't find
out the hard way & lock yourself out.
 
inquirer said:
In case of loss/theft of a computer, to what extent does the
password (the one when you start the pc and the one when you log
onto xp) protect the data? i.e. how difficult is it for someone who
does not have the password to access the data on the harddisk?

A password is *not* protection in itself.
If the password is connected with data encryption - then there is some level
of protection.

The long/short of it - if someone who has any clue what they are doing (or
any clue how to utilize google) gets their hands on a computer for a bit of
time (physical access to the system, unheeded) - and the only protection on
said system is the logon password scheme... I would expect all information
on the machine to be opened to them in less than 20 minutes to an hour
(depending on which clue they had and how prepared they were.)
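
The distinction drawn in the reply above, between a password that only gates the logon and a password that is tied to data encryption, as an added example that is not part of the original thread. The sample data, passphrase and function names are constructed for illustration, and the HMAC-based keystream is a standard-library stand-in for a real disk cipher such as AES.

```python
import hashlib, hmac, os

SECRET = b"constructed sample: household budget 2006"   # constructed sample data
PASSWORD = "constructed-sample-passphrase"              # constructed sample value

def derive_keys(password, salt):
    # PBKDF2-HMAC-SHA256 stretches the password into an encryption key and a MAC key.
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return km[:32], km[32:]

def keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode (illustrative stand-in for AES, see lead-in).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(password, plaintext):
    # Encrypt-then-MAC; the result is what would actually sit on the disk.
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def open_sealed(password, blob):
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or modified data")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))

def disk_with_logon_password_only():
    # The logon check lives in the operating system; the sectors hold plaintext.
    return SECRET

def disk_with_encryption():
    # The password is an input to the key, so the sectors hold ciphertext.
    return seal(PASSWORD, SECRET)

def raw_read_exposes_secret(disk):
    # What is visible when the drive is read without the logon code ever running.
    return SECRET in disk

if __name__ == "__main__":
    print("logon password only:", raw_read_exposes_secret(disk_with_logon_password_only()))
    print("password-derived key:", raw_read_exposes_secret(disk_with_encryption()))
```

The same property that protects the data also explains the lock-out warnings in this thread: without the right password or a backed-up key, `open_sealed` has nothing to recover from.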
 
inquirer said:
In case of loss/theft of a computer, to what extent does the password
(the one when you start the pc and the one when you log onto xp)
protect the data? i.e. how difficult is it for someone who does not
have the password to access the data on the harddisk?

As others have indicated, the passwords can easily be circumvented. If you
want to go down the EFS path (and you must have XP Pro for this) then read
the following articles, but BE WARNED, using EFS incorrectly can make your
data unusable for everyone including yourself.

The Encrypting File System
http://www.microsoft.com/technet/security/topics/cryptographyetc/efs.mspx

Best practices for the Encrypting File System
http://support.microsoft.com/kb/223316/en-us

How to back up the recovery agent Encrypting File System (EFS) private key
in Windows Server 2003, in Windows 2000, and in Windows XP
http://support.microsoft.com/kb/241201

How To Encrypt a Folder in Windows XP
http://support.microsoft.com/?id=308989

How To Remove File Encryption in Windows XP
http://support.microsoft.com/?id=308993

How To Encrypt a File in Windows XP
http://support.microsoft.com/?id=307877

HOW TO: Share Access to an Encrypted File in Windows XP
http://support.microsoft.com/?id=308991
 
inquirer said:
In case of loss/theft of a computer, to what extent does the password (the
one when you start the pc and the one when you log onto xp) protect the data?
i.e. how difficult is it for someone who does not have the password to access
the data on the harddisk?

I've responded to other posts concerning the EFS on Windows which noted
the same cautions. You might want to try what I now use on my home and
notebook PCs.

I use an encryption application called TrueCrypt; you can get it at
truecrypt.org.

It is an open source application and is free.

It's dead simple to set up and use and it does not use
Windows EFS nor rely on any Windows security features
for its encryption. You can copy, email, duplicate etc. the virtual
volume. It's nice to make small volumes and mail sensitive info without
fear of compromise.

From the TrueCrypt web site, it has the following features:

* Creates a virtual encrypted disk within a file and mounts it as a
real disk.

* Can encrypt an entire hard disk partition or a storage device
such as a USB flash drive.

* Encryption is automatic, real-time (on-the-fly) and transparent.

* Provides two levels of plausible deniability, in case an
adversary forces you to reveal the password:

1) Hidden volume (steganography –

2) No TrueCrypt volume can be identified (volumes cannot be
distinguished from random data).

* Encryption algorithms: AES-256, Serpent, and Twofish. Mode of
operation: LRW.


First, I created an encrypted virtual volume, and for the applications
that have personal data I don't want compromised, I create directories
in the virtual volume and edit the application preferences to store my
data into these folders.

I do this for all of my applications, including Quicken and Lotus
Smartsuite applications.

The application has a feature to mount the drive at system startup and
then prompt for the password (defined at volume creation) of the
encrypted volume.

Good Luck

Marty
 