Full Disk Encryption Is Much More Powerful Than Password Protection
What exactly is password protection? The article explores this
question, as well as whether password protection is enough when it comes to
protecting digital assets.
It is not uncommon for companies to add the words "password protection" when making an
announcement regarding the loss of a computer. As in, the computer was stolen
but it was password protected. What is password protection? And is this
protection better than other security measures like full disk encryption?
Because Microsoft dominates the world when it comes to computer operating
systems, generally password protection refers to the Windows login prompt. The
Windows login prompt is the little window asking for a username and password one
faces immediately after booting up their computer. If you work with a Windows PC
at work, chances are you’ve seen this prompt. If you use a Windows PC at home,
there is a slight chance that you haven’t seen this prompt, since it’s not a
required feature – you have to set it up.
To the average user, the Windows prompt appears to be a security feature. It’s
probably because we’re so conditioned to think of a username and password as
security. For example, if you’ve got an online e-mail account, the only way for
you to get into that account is by supplying the correct username and password,
also known as "creds" in certain circles (assuming you’re not working as an IT
administrator at the e-mail company). If you don’t have the right creds, you
don’t get in – end of story. This is also true when it comes to data encryption,
assuming that one has to type creds (sometimes a token that looks like a small
flash drive can take the place of usernames and passwords).
The Windows prompt, however, is not as foolproof as an e-mail account. For
example, have you ever noticed that you don’t have to supply an extra set of
creds when you connect an external hard drive to your computer? Security-wise,
it only makes sense to supply two sets of creds, one for the external drive and
one for the internal hard drive in your computer. But this is not the case; one
set of creds gives you access to everything.
And if you take that external hard drive and hook it up to a different
computer…you still don’t need to supply a username and password. Not only that,
you’ll be able to read the contents of that drive. Why stop at that? You could
copy data from the external drive to the computer and vice versa. Clearly, the
Windows login prompt was not designed to protect access to the contents of your
hard drive – it was designed to protect access to your operating system.
What is more telling of that last statement is that, if you take the internal
drive of a computer and connect it to another computer (and turn the displaced
internal drive into what’s known as a slave drive), you’ll be able to read the
contents of that drive without providing the creds at all! In other words, the
only difference between an internal and external drive lies in how easily you
can unhook it from one computer and hook it up to another computer. Besides the
cosmetic appearance, both types of drives are the same.
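
The distinction drawn in the two paragraphs above can be checked on the drive itself. The following is an added example, not part of the original article: it classifies a volume as stored in the clear or encrypted from the signature in its first sector. It goes beyond the text by covering BitLocker, LUKS, exFAT and FAT32; the function names and sample sectors are constructed for illustration.

```python
# Added example (not from the article): classify a volume from its first sector.
# Function names and sample sectors below are constructed for illustration.

# (offset, magic bytes, format name, encrypted at the volume level?)
SIGNATURES = [
    (3, b"-FVE-FS-", "bitlocker", True),   # BitLocker replaces the NTFS OEM ID
    (0, b"LUKS\xba\xbe", "luks", True),    # Linux LUKS header magic
    (3, b"NTFS    ", "ntfs", False),
    (3, b"EXFAT   ", "exfat", False),
    (82, b"FAT32   ", "fat32", False),
]

def classify_volume(first_sector: bytes) -> dict:
    """Classify a volume from its first 512 bytes (the volume, not the disk's MBR/GPT)."""
    if len(first_sector) < 512:
        raise ValueError("need at least the first 512 bytes of the volume")
    for offset, magic, name, encrypted in SIGNATURES:
        if first_sector[offset:offset + len(magic)] == magic:
            return {"format": name, "encrypted": encrypted}
    return {"format": "unknown", "encrypted": None}

def classify_path(path: str) -> dict:
    """Same check against a raw volume image or device node (needs read access)."""
    with open(path, "rb") as fh:
        return classify_volume(fh.read(512))

def readable_without_creds(volumes: dict) -> list:
    """Names of volumes whose file system is stored in the clear."""
    return sorted(n for n, s in volumes.items()
                  if classify_volume(s)["encrypted"] is False)

def _constructed_sector(offset: int, magic: bytes) -> bytes:
    sector = bytearray(512)
    sector[offset:offset + len(magic)] = magic
    sector[510:512] = b"\x55\xaa"          # boot sector end marker
    return bytes(sector)

# Constructed sample sectors, not captured from real drives.
SAMPLE = {
    "laptop-login-prompt-only": _constructed_sector(3, b"NTFS    "),
    "external-usb-drive": _constructed_sector(3, b"EXFAT   "),
    "laptop-full-disk-encryption": _constructed_sector(3, b"-FVE-FS-"),
    "linux-laptop-luks": _constructed_sector(0, b"LUKS\xba\xbe"),
}

if __name__ == "__main__":
    for name, sector in SAMPLE.items():
        print(f"{name:30} {classify_volume(sector)}")
    print("readable without credentials:", readable_without_creds(SAMPLE))
```

The check only sees volume-level encryption; individual files on a plain NTFS volume may still be encrypted by other means.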
This is the reason why data security bills like California’s Senate Bill 1386 –
the one that started prodding companies to reveal data security breaches –
require companies to reveal the theft of computers, including those with
password protection. On the other hand, lose a computer with hard drive
encryption and there is no need for a public announcement.