Laptop Security?

Discussion in 'Windows OS and Software' started by Drew1, Aug 22, 2017.

  1. 6730b

    6730b Notebook Evangelist

    Reputations:
    150
    Messages:
    382
    Likes Received:
    337
    Trophy Points:
    76
    The topic I refered to in earlier post deleted due to some spam.
    My reply in that topic was (roughly):

    bios password + bios hd password, + some windows password if one wishes.

    Then bitlocker (if the windows version got it). Partition hd, keep c: 'normal'. d: 'bitlocked' and put anything and everything sensible on that drive.

    Be serious with passwords (remembering...). & backup \ image regularly to external media (hd, cloud).

    Good luck.
     
  2. ArazelEternal

    ArazelEternal Notebook Guru

    Reputations:
    5
    Messages:
    50
    Likes Received:
    20
    Trophy Points:
    16
    Maybe I am just paranoid, but I have my laptop locked down pretty hard.

    I have a user password set for Windows. The built in admin account is disabled.

    I have a UEFI password set and the boot order set so the first boot item is the SSD. This way, to get it to boot from any other device the UEFI password must be known.

    Both the SSD and SSHD are encrypted using Bitlocker.

    I have Malwarebytes 3.1.6 installed and use it along with the Defender built into Windows.

    While this doesnt make it impossible to get my data if someone is truly after it, it should discourage most people.
     
  3. Drew1

    Drew1 Notebook Evangelist

    Reputations:
    5
    Messages:
    474
    Likes Received:
    9
    Trophy Points:
    31
    Okay so which is more preferred here... bitlocker or veracrypt?

    Can someone tell me how long does it take to encrypt using either of these programs? I have an SSD hard drive.

    Okay so i assume with either of these programs, you need to remember a password right? Thus its similar to like axcrypt when encrypting documents on computer? So with bitlocker, you need to type in a password in order to open your hard drive or ssd so to speak? Thus with bitlocker, not only do most people have a user password set for windows... after you enter that, you need to enter the ssd or hard drive password as well in order to access the computer basically?
     
  4. TreeTops Ranch

    TreeTops Ranch Notebook Deity

    Reputations:
    280
    Messages:
    786
    Likes Received:
    53
    Trophy Points:
    41
    So many passwords just to do a little work on the computer keeps most people from doing the password thing. Finger print may be an easier way but that also has problems with ways to bypass that too.
     
  5. kokies

    kokies Notebook Guru

    Reputations:
    2
    Messages:
    66
    Likes Received:
    3
    Trophy Points:
    16
    Yes a password is required and I think Bitlocker works with TPM, one of the idea is so that when the laptop is physically stolen, they cannot remove the HDD and access it, the password is required on that same machine with TPM I guess. I had a C drive with Bitlocker and lost the password, even after reformat I cannot seem to use it properly, it had to be changed. I can only assume without the password it will not match a TPM, even after reformat or something like that...........
    Agree with every advice given here, it is not difficult to access your data with just a Windows password. For my set up I have a BIOS password and a Windows password but I did not encrypt the HDD with Bitlocker due to my previous experience with it. If the laptop is stolen I will rely on the BIOS password to secure it(if it is a higher end laptop will need to approach the manufacturer to re set the BIOS), as for the data I really don't have NASA's flight plans so I rely on back ups of data which I think is more relevant for normal users.
     
  6. Jarhead

    Jarhead Systematic Love

    Reputations:
    4,816
    Messages:
    11,863
    Likes Received:
    2,470
    Trophy Points:
    581
    Bitlocker does work with TPM, though note that TPM itself is a feature not commonly found on consumer-class laptops, so it's unlikely OP even has TPM.
     
  7. kokies

    kokies Notebook Guru

    Reputations:
    2
    Messages:
    66
    Likes Received:
    3
    Trophy Points:
    16
    Also to consider If the security are Bios password, windows password then Bitlocker password, there will be a lag in accessing the PC. Example I have a nvme drive which is supposed to be fast but with the layers of passwords it will take the same time(or maybe longer) as a sata.
     
  8. kokies

    kokies Notebook Guru

    Reputations:
    2
    Messages:
    66
    Likes Received:
    3
    Trophy Points:
    16
    Gotta review this Bitlocker with TPM again before into production. The last time I used it was disastrous.
     
  9. 6730b

    6730b Notebook Evangelist

    Reputations:
    150
    Messages:
    382
    Likes Received:
    337
    Trophy Points:
    76
    Out of interest, what did you do \ what did happen to cause a 'disaster' '? (btw, disasters are not happening (maybe minor annoyances) for anyone who have good backup plans).

    Have used bitlocker for years and years on internal and external drives, laptops w\wo tpm. Steady as a rock here (but that does not put me to sleep nor makes me trust that anything will work forever, am always adhering to strict backup routines).
     
    kokies likes this.
  10. t456

    t456 1977-09-05, 12:56:00 UTC Moderator

    Reputations:
    1,052
    Messages:
    2,095
    Likes Received:
    1,283
    Trophy Points:
    181
    Those things are useless, trust me (anti-theft. too). With the right tools they can be easily reset (even on the latest systems) and they won't protect the data on your drive anyway, except if you use drive encryption. Same thing for a Windows password; they're only useful if you share the machine with people that can't be trusted with an admin account.

    Drive encryption is really the only security measure that makes sense *. Even then; only a few password lists, banking details and the like are truly important to keep away from others, so might as well use something like VeraCrypt and secure only those files. After all, every password you have to type is a bother, so better stick to those methods that are absolutely secure and for only those bits of data where it makes sense. Not a lot of use in encrypting OS files or those of installed programs, one should think. Just remember that password manager in the browser; might want to password-protect that manager or use KeePass instead.

    Also, a direct attack or theft is a remote second to ransomware (and failing drives), so either consider a good antivirus program and/or make regular read-only backups, preferably on a non-attached storage medium. You wouldn't want to wake up to a locked computer and find out your backup images have also been affected. Now, the passwords that are really important are those of your email accounts; having access to those means anywhere you've registered using that email account can be taken over with a simple 'forgot password' click. Knowing the Yahoo database has been compromised for a year or so before the general public became aware of it; good idea to use different, hard-to-crack passwords for those and change them once in a while. Or run your own email server, if you like.

    If the hardware is important (due to modding or something) and there's some spare room left inside then embedding a GPS tracker might be useful. Those for-car models can also remotely cut power using a relay, so interposing that between the battery and DC connector would mean you can remotely 'kill' the laptop. Most will consider it dead then and if you make it look not so much diy but more 'believably original' then even someone experienced with opening laptops may be fooled. Still won't protect that hard drive, of course.

    *) Perhaps not using something that relies on TPM though; some people have had a small bios hiccup or corruption trigger a lockdown and no way to access their data. Don't know whether writing back a BitLocker encrypted image to a reflashed system might resolve that, but if it doesn't :vbeek: ...
     
    kokies and Jarhead like this.
Loading...

Share This Page