2

Scenario:

  • a person owns and used only a laptop (or PC) and on its hard drive is stored sensitive information, in addition, in browsers the logged-in sessions to gmail, facebook, server, etc...etc..

Existing secutiry:

  • Hard-drive is password protected (set from BIOS, thus pwd is asked on PC boot, before boot to Windows).

  • Windows user is password protected, so before person leaves pc, always switchs offs the user.

Goal:

  • The goal is to protect PC as it was still easy to use as normal computer (Windows 10 installed) for everyday use. What things needs to be done to protect laptop/computer so, even if someone steals hdd/laptop or even gets access to it (when the person is away from pc), so noone can access data? I suspect the above listed things are not good-enough.
Anders
  • 64,406
  • 24
  • 178
  • 215
T.Todua
  • 2,677
  • 4
  • 19
  • 28

1 Answers1

3

The best solution for protection of the contents of a fixed storage medium is to use a password-based full-disk encryption system with a strong password. Windows 10 Pro and Enterprise come with BitLocker, which can be configured in such a mode. Third-party products are also available to accomplish the same task.

Many of these products provide an automatic unlock feature. While this is more convenient, it can also be a vulnerability. Essentially, this feature sets up a chip on the motherboard so that the hard drive can be unlocked without typing a password as long as it is in the same computer.

Since you're concerned about the whole computer being stolen, automatic unlock might defeat the protection that the encryption provides in that case. However, the thief would still probably have to get past the Windows password, because they wouldn't be able to get at the drive without booting into Windows.

Alexander Martin
  • 171
  • 2