PDA

View Full Version : OT-Password Protection for Laptop



Jim Caudill
01-31-2008, 02:37 PM
I just bought my first laptop. I have sensitive information regarding banking passwords and other info that I do not want known outside my family. Is there a way to "password protect" the entire computer? What would you suggest if not? Some of the files are spreadsheets, checking (quicken & quickbooks), sensitive correspondence to do with estate matters, etc. I'm looking for a global solution rather than a hodgepodge of encrypton programs for passwords or other individual files.

Peter N
01-31-2008, 02:53 PM
I don't know what operating system you have, but on my laptop running XP Pro, you just go to >Control Panel, >User Accounts, >Change the way users log on and off, >Use Welcome Screen, and then set a password option with this.

I think there are other ways to do this, but this works well for me.

Peter

ahidley
01-31-2008, 03:23 PM
Put a password in the BIOS and one in windows. Store sensitive docs in your documents and settings and only allow your login to read that directory. When a backup is made also enable the password feature on that.

smiller6912
01-31-2008, 03:32 PM
I need my Quickbooks, Access, and Excel files at work and at home so I save all of my sensitive stuff on a USB drive, password protect access to it and keep it on me or in my locked file cabinet.

bob_s
01-31-2008, 03:43 PM
I use WINZIP with password to encrypt all of the information and store only the ZIP file live. Before any going through any financial transaction the appropriate information is extracted from the ZIP file, transaction conducted, modified data resaved to the ZIP file, and then the live transaction data removed from the hard-disk.

smiller6912
01-31-2008, 03:59 PM
I just remembered, MS (a few years ago) released a program, "My Private Folder", it was some freebie thing, it creates a password encrypted folder that you could use for sensitive files. (I keep all my porno in mine). All the big corporations pitched a fit because they had no way to break into their employees private folder and so MS pulled it within days. If you want, I have a copy that is free to share, let me know and I'll be happy to get you a copy......:cool:

Jim Caudill
01-31-2008, 04:34 PM
I'm using Windows XP Home and I just set the "supervisor" and "user" passwords in the BIOS setup area. Would this be sufficient should someone steal my laptop and just want to "fool around" with it? Could someone remove the hard-drive and put it in another computer (thereby getting around the BIOS)?

ahidley
01-31-2008, 04:48 PM
deleted by ahidley

rkepler
01-31-2008, 06:50 PM
Look for disk level encryption software. Basically, it encrypts everything on the disk at the data level so nothing can be read even if the disk drive is pulled and read on some other system. Microsoft offers "Bitlocker", but they're pretty pricey (and I wouldn't bet against their leaving a backdoor, myself). Here's a link to a wikipedia page comparing various offerings, commercial and non-commercial: http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software

Evan
01-31-2008, 07:15 PM
With the exception of the suggestion by rkepler all of the previous suggestions will work as explained but are trivial to circumvent. If you have sensitive information that must be kept confidential then the only secure method is strong encryption. In this context the word "strong" has a special meaning. It means that it has been shown mathematically that the encryption cannot be broken by other than a brute force attack that would take either computers that don't exist at this time or in some cases longer than the universe will last in order to break the code.

There are various drive level encryption systems available. Some are better than others. Not all use strong encryption. The bitlocker system from MS depends on a special motherboard hardware level device so if your computer doesn't have it you cannot use it. The only safe system is one that encrypts the entire drive, not individual folders. When you access encrypted data it must be translated to clear text and various copies of that data can remain in the clear even though you think you have closed and/or deleted everything.

Full drive encryption solutions normally depend on a key that you must supply, either from memory or a hardware key such as a USB drive. If you forget or lose the key then you are screwed.

Carld
01-31-2008, 10:30 PM
Jim, they make very small external hard drives now and it would be best to store all private info on it and keep it seperate from and hidden. When you need it plug it in and work out of and to it. That way nothing can be found on your computer. A good 'puter person can get into any file eventually.

J Tiers
01-31-2008, 11:51 PM
With XP, and presumably with Vista, I understand that stick drives can not only hold data, they can run software that exists only on that drive.

In addition, they have some form of passwording, the strength of which I don't know.

Presumably, the drive can be kept under better security than a whole computer, which must be accessed by others.

The issue which Evan brought up is a fundamental flaw of MS stuff, it sprays your info all over the disk, in ways which probably only 100 or so MS people really understand. I suspect that even data "only" on your stick drive may be copied elsewhere, either by crummy MS software, or by government fiat......

Don't discount the latter..... quite possibly a lot of what you do on your computer is trackable by various records and "saved status" files, etc. Of course if you NEED to get some of it back for a restore, you will be told that it isn't stored and can't be recovered. But if you were prosecuted for something, magically some of it could be found...............

Evan
01-31-2008, 11:57 PM
Using an external drive doesn't help. When you access anything on your computer regardless of where it is stored it is brought into ram and may end up being swapped out to the page file. The page file resides on the system drive by default and survives a reset or power off. It isn't automatically erased but is eventually written over through use. Data can linger in the page file for a long time depending on circumstances and isn't difficult to access for someone that knows how. A simple Linux boot disk will do the trick. There are also cookies and browser caches to worry about as well as temp files. Then there is registration data for software, browser history files, documents accessed history and autosaves from various document creation programs as well as e-mail. It's nearly impossible to use a default installation of Windows without leaving bits and pieces of whatever you were doing scattered all over the place.

The only secure ways are to either use an encrypted drive system or to boot from a Linux CD and store persistent data on a thumb drive.

Jim Caudill
02-01-2008, 12:43 AM
Thanks Steven

andy_b
02-01-2008, 01:58 PM
With the exception of the suggestion by rkepler all of the previous suggestions will work as explained but are trivial to circumvent. in the clear even though you think you have closed and/or deleted everything.


yup, i agree 100% with Evan and rkelper. where i work they instituted a harddisk password policy. i was talking to the IT guys and asked how hard it was to figure out if i forgot the PW. he told me they were able to recover any data from any PC they tried, EXCEPT the ones with the PW-protected HDD. he said they had a system that they setup to try and crack, and the last time i talked to him they still had never cracked it. now this isn't the NSA we're talking about, but the guys i work with are pretty good at data recovery from PW-protected systems.

me personally, my work laptop sits out unprotected all the time. if someone wants to steal it, they can have it. somewhat similar situation on my home PC. the chances of someone breaking into my house and stealing my PC and making use of income tax records is about the same as me winning the next megamillions lottery. i'm a nobody living in a no-name town on a small street in the middle of nowhere. i'm more concerned about a chinese-induced economic collapse than "identity theft".

of course, if one of your hobbies is child porn or you regularly deal with drug lords and mob bosses, you may want to take more protective measures.

andy b.

Evan
02-01-2008, 02:40 PM
I don't worry much about identity theft as I am very well known in this town. Anybody that tried to use my identity here would be noticed just about anyplace they tried to use it. As for somebody using it out of this town it's real easy for me to prove where I have been every day. My posts here are made from a particular IP address that is assigned to my satellite receiver here at home and cannot be accessed or used from another location. I also have certain protective measures in place to prevent such an occurence.

Carld
02-01-2008, 03:04 PM
Well Jim, from everything that has been suggested here I think you need a small laptop computer just to do the private stuff on and never hook it up to a web site and never let ANYONE but you and the wife use it and make it password accessable only. If windows puts stuff everywhere on a 'puter what hope do you have to keep it safe from anyone.

On the other hand most thiefs are not 'puter savvy and are only stealing it to sell for drugs and the buyer will format it and sell it to Joe or Jane.

I have an external hard drive with a complete operating system and files on it and was told by a windows tech that when I plug it in and address it there is nothing that is transfered to the hard drive on my PC, that they work completely seperate from one another. The only time info is passed from external to PC is when I manually do it. That only works if you have an operating system on each hard drive.