Full Disk Encryption Is Much More Powerful Than Password Protection.

It is not uncommon for companies to add the words “password protection” when making an announcement regarding the loss of a computer.  As in, the computer was stolen but it was password-protected.  What is password protection?  And is this protection better than other security measures like full disk encryption provided by data security solutions providers like AlertBoot?


Because Microsoft dominates the world when it comes to computer operating systems, generally password protection refers to the Windows login prompt.  The Windows login prompt is the little window asking for a username and password one faces immediately after booting up their computer.  If you work with a Windows PC at work, chances are you’ve seen this prompt.  If you use a Windows PC at home, there is a slight chance that you haven’t seen this prompt, since it’s not a required feature – you have to set it up.


To the average user, the Windows prompt appears to be a security feature.  It’s probably because we’re so conditioned to think of a username and password as security.  For example, if you’ve got an on-line e-mail account, the only way for you to get into that account is by supplying the correct username and password, also known as “creds” in certain circles (assuming you’re not working as an IT administrator at the e-mail company).  If you don’t have the right creds, you don’t get in – end of story.  This is also true when it comes to data encryption, assuming that one has to type creds (sometimes a token that looks like a small flash drive can take the place of usernames and passwords).


The Windows prompt, however, is not as foolproof as an e-mail account.  For example, have you ever noticed that you don’t have to supply an extra set of creds when you connect an external hard drive to your computer?  Security-wise, it would only make sense to supply two sets of creds, one for the external drive and one for the internal hard drive in your computer.  But this is not the case; one set of creds gives you access to everything.


And if you take that external hard drive and hook it up to a different computer…you still don’t need to supply a username and password.  Not only that, you’ll be able to read the contents of that drive.  Why stop at that?  You could copy data from the external drive to the computer and vice versa.  Clearly, the Windows login prompt was not designed to protect access to the contents of your hard drive – it was designed to protect access to your operating system.


What is more telling of that last statement is that, if you take the internal drive of a computer and connect it to another computer (and convert the displaced internal drive into what’s known as a slave drive), you’ll be able to read the contents of that drive without providing the creds at all!  In other words, the only difference between an internal and external drive lies in how easily you can unhook it from one computer and hook it up to another computer.  Besides the cosmetic appearance, both types of drives are the same.


This is the reason why data security bills like California’s Senate Bill 1386 – the one that started prodding companies to reveal data security breaches – require companies to reveal the theft of computers, including those with password protection.  On the other hand, lose a computer with hard drive encryption and there is no need for a public announcement.
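
An added example (not from the original post or from AlertBoot): a defender's check for the point above, reading a volume's first sector to tell whether it is a plaintext filesystem that any computer can mount or an encrypted volume. It goes beyond the post by naming specific formats (BitLocker, LUKS, NTFS, exFAT, FAT32); the function names, the 7.0 entropy threshold and the sample sectors are assumptions constructed for illustration.

```python
import hashlib
import math
import sys
from collections import Counter

# (offset, magic bytes, label, encrypted?) for the first sector of a volume.
SIGNATURES = [
    (0, b"LUKS\xba\xbe", "LUKS", True),
    (3, b"-FVE-FS-", "BitLocker", True),
    (3, b"NTFS    ", "NTFS", False),
    (3, b"EXFAT   ", "exFAT", False),
    (82, b"FAT32   ", "FAT32", False),
]

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = indistinguishable from random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(sector: bytes) -> tuple[str, str]:
    """Return (format, verdict) for the first 512 bytes of a volume."""
    for offset, magic, label, encrypted in SIGNATURES:
        if sector[offset:offset + len(magic)] == magic:
            return label, "encrypted" if encrypted else "readable-without-credentials"
    # No known header: headerless ciphertext looks random, an empty disk does not.
    if entropy(sector) > 7.0:  # threshold is an assumption for 512-byte samples
        return "unknown", "possibly-encrypted"
    return "unknown", "unrecognised"

def sample(offset: int, magic: bytes) -> bytes:
    """Build a constructed 512-byte sector carrying one signature (test data)."""
    sector = bytearray(512)
    sector[offset:offset + len(magic)] = magic
    sector[510:512] = b"\x55\xaa"  # boot-sector end marker
    return bytes(sector)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a volume image or device node
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], classify(fh.read(512)))
    else:  # constructed samples, not real disks
        noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
        for name, sec in [("ntfs", sample(3, b"NTFS    ")),
                          ("bitlocker", sample(3, b"-FVE-FS-")), ("noise", noise)]:
            print(name, classify(sec))
```

A "readable-without-credentials" verdict means the volume mounts on any machine regardless of the Windows login password; individual files on it may still be encrypted separately.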
