Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

How do I secure a hard drive before sending it in for repair?

//
How does one secure a hard drive while sending the computer to a repair facility? I have personal financial information on my hard drive and will just a password provide sufficient protection while the computer is in the shop? After the fact, is there maybe a way to find out if someone has copied the files?

What you’ve presented is actually quite a dilemma.

To answer the second part first: no. There’s simply no way to determine if your files have been copied – at least not in any way that absolutely says they were copied with malicious intent.

The problem is, there’s really no fool-proof solution to your scenario. In fact, I’ve heard of companies occasionally electing not to repair a hard drive, because it meant that sensitive data might be visible to repair technicians.

Your options to secure a hard drive are limited, but if you can plan ahead, there’s a chance.

Become a Patron of Ask Leo! and go ad-free!

Physical security

The problem is basic. Handing your computer to a technician for repair violates one of the fundamental principles of computer security: if ‘s not physically secure, it’s not secure. Period.

That’s actually true regardless of the reason. Handing your computer over to anyone is fundamentally not secure.

It really all boils down to trust. In an ideal world, you would have a totally trustworthy technician working on your machine. In the real world, we’ve all heard of data being stolen by folks with access to your machine.

So what to do?

Plan ahead with encryption

The only completely secure solution to safeguard a hard drive is to encrypt it, or the sensitive data you store on it.

Now, you might opt for whole-disk encryption, but the problem here is that the technician might still need access to it to fix your machine – meaning you’ll have to share the decryption keys so he or she can boot the system. After doing so, the tech will have access to everything.

The more practical solution to secure a hard drive would be to encrypt only your data, using tools like TrueCrypt, BoxCryptor, or others.

When your data is not “mounted” (the approach both of those tools use to access your encrypted data), your technician can work on your machine without being able to access your sensitive information.

Can you secure a hard drive?Last-minute solutions

That type of encryption is nice if you’re willing to put the effort in ahead of time, and if it’s worth the hassle to protect the data just in case the machine might someday need to be sent to a technician.

For most people, I suspect it’s just not worth the effort.

Unfortunately, there aren’t really any last-minute solutions. You might want to encrypt before you send the machine off for repair, but if your machine is so broken that you can’t do that, then you’re stuck.

There’s one possibility: if the problem you’re having the technician look into is not hard-disk related, one option might be to remove the hard disk while he or she works on your machine. He or she (or you) would need to provide a temporary hard disk so he can work on your machine, but at least that wouldn’t have your data on it. When you get the machine back, you replace your hard drive, and hopefully all is well.

Unfortunately, most problems involve the hard disk at some point. Be it actual hard disk failures or software configuration, what’s on the hard disk is typically at the heart of any repair work.

Application password protection

Using an application’s own password protection is better than nothing. If your bookkeeping program, word processor, or some other program provides this layer of protection, you should probably use it.

Ultimately, however, application password protection isn’t the same as taking steps to secure a hard drive. It’s best to think of it as no more than “keeping honest people honest”.

The problems with using the password protection provided by many applications include:

  • Sometimes, a password doesn’t mean the data is encrypted. It simply prevents the application from opening the file without the proper password, but the information in the data file remains unencrypted and potentially visible.
  • Sometimes, the encryption is “light”. By that I mean that the encryption is perhaps more properly called “obfuscation” to keep the data from being so easily visible. To someone truly interested in cracking the file, it’s not much of a barrier at all.
  • Sometimes, the encryption is wrong. By that I mean that there are simply bugs in the application, or poor decisions made by the designers, that make the encryption less than completely secure. Application authors are rarely security experts. The net result is that the file could be vulnerable to a hacker intent on breaking in.

Yes, it’s possible – probable, even – that with major, mature, applications the encryption is appropriately secure. It’s also unlikely that your technician is an expert hacker ready to crack half-way reasonable encryption.

But, in either case, how do you know?

The bottom line is trust

Your options are few and inconvenient.

  • If you can, if you’re willing, encrypting sensitive data ahead of time makes sense in general. It also protects you should your computer ever be stolen.
  • Investigating the security of the password protection of your applications is a good idea; if it’s good, using it to secure your data can help.
  • If you have sensitive data that you know is unencrypted or vulnerable, then never give that machine to someone you don’t trust completely.
  • If you can’t find someone to trust, then perhaps not repairing the system – or at least the hard drive – might be the most pragmatic solution of all.

Naturally, I have to throw in a recommendation for backing up.

Backups sidestep this issue completely in many (though not all) cases. If your hard drive dies, rather than having a technician fix it – and potentially access your data – replace it immediately and restore from your most recent backup. Destroy the broken drive for additional security if you like.

As I said, that doesn’t work for all situations – such as a motherboard failure1 – but it’s relatively quick and easy, and above all, secure.

But like most of the solutions we’ve discussed here, proper prior planning is required.

Podcast audio

Play

Footnotes & references

1: Though for that, you could swap out the hard drive with an empty one, and let the technician have at the machine that way.

36 comments on “How do I secure a hard drive before sending it in for repair?”

    • I know your comment is years old. But I had to post a response to say, you must have not read the whole article. Maybe the ads that show half way down gave you the impression you had read to the end. However, if you did read to the end of the article. You would see at the end, he says you can sidestep all these issues by simply backing up your hard drive before sending it in for repair.

  1. Back everything p regularly with a disk imagine program and then wipe the disk -properly -before sending in the pc for repair

  2. If possible I would put in a substitute hard drive if available.Almost everyone I know that has brought a PC in for repair has had the hard drive formatted by the tech even if you leave instructions for them now to do so.
    [link removed]

  3. My Solution – I have a second H/D that I have straped as a slave and use hardware from Manhatan (Hi-speed USB 2.0 to SATA/IDE Adapter w/powersupply about $25.00). That way I can save my data to the slave and after any repairs I just transfer my data back to my orignal H/D. Very User friendly.

  4. Sending back a laptop without a booting hard disk drive is not acceptable to at least one of the largest mfg’s (provided the problem is not the hdd). Jim’s solution above would be one the best.

  5. This is basically Jim’s ans above but with a twist. It seems to me that the simplest way is to put your sensitive data on an external drive. With your data there it doesn’t matter what happens to your computer. Basically, you don’t worry about sensitive data on your computer because it never was on your computer in the first place. BTW, I just got a 1TB drive for under $130.

    Two issues: 1) what if that external drive fails? (i.e. be sure you backup), and 2) what about sensitive data whose location you can’t control, (i.e. perhaps there’s something you’d consider “sensitive” in your registry?)

    – Leo
    06-Feb-2009
  6. I’m glad that there are others that have taken the words right out of my mouth. Always do you best to learn how to keep your pants at your waistline and not at your knees. LOL Shawn Patrick from Toronto, Canada

  7. When I get a new computer or install a new HDD, the the first thing is to make an image of the HDD with Acronis True Image to external media. Then make regular image backups. Before turning the computer over to someone else, Wipe the HDD and put the orignal image back on it.

  8. Some very good suggestions. Thanks. However one of my concerns, not covered, is how to securely lockdown one’s email client prior to handing over the computer? Seems to me that email itself often contains a huge amount of personal data. Mine sure does. Password protection of the app is sometimes possible, but useless, as so easily broken.

    Just a word here too about the security passwords built into laptops. These provide very good protection, too good, as I found out to my lasting regret when I spilt a BIT of water onto the k’board. Some of the keys shorted and I was no longer able to enter a part of my password, so was permanently locked out of my laptop. An external USB keyboard of course was no help at all. These passwords are so built-in esp. the SVP which I believe resides in a hidden chip on the m’board, that you’re hosed if you forget them or have a disaster like mine. Seems there’s no password unlocking utilty around that can recover them. Well I certainly hadn’t forgotten mine. So be warned!

    If anyone’s got any lateral thinking on a solution for this, other than a new MB, please reply.

    I store all my mail folders on an encrypted TrueCrypt drive. Without the password, they can’t be seen.

    – Leo
    15-Mar-2009
  9. Hi

    Thanking Leo.
    Regarding this problem how a technicine is going to repair your computer if the hard disk is empty ?
    I was rather thinking of a deontological protection.

    The technician will boot from a diagnostic CD or other media.

    – Leo
    06-Apr-2009
  10. I know techs who say they never pay any attention to what’s on a hard drive and I know techs who say they always look at what files are on them. Some of the latter say they just look to see what the person has in their music and picture folders. One guy was honest enough to tell me that he goes through the files of every hard drive that comes through his shop, looking to see what (if any) porn pics the person has on there.

    So the basic rule is, never have anything saved on your hard drive that you’d be embarrassed to have a computer tech see if he snoops through your stuff.

    • Unfortunately, most technicians wouldn’t allow it. The job takes usually takes longer with someone asking questions, making useless suggestions etc. I don’t mind as so much if I’m getting paid by the hour. 🙂

    • Mostly because repair people are often in other places miles away. Some are large corporations that dont’ allow random strangers into their work areas. And some technicians work on their schedule, not yours.

  11. The obvious solution that comes to mind is to learn to do your own repairs. It is not nearly as difficult as many people seem to think. You can find videos on YouTube about diagnosing problems and replacing components, and once you get into it, you will probably find yourself wondering why you ever paid anyone to do these things.

  12. I have two 2TB external drives that everything goes on, and to play it real safe I also have Google and Asus Cloud Storage for my docs. But I also have nothing to hide.

  13. Excellent article and some of the replies are good too:-) In particular, Jenny’s one about locking down your email client rang very loud alarm bells! I have all my user folders stored on a slave hard drive, which I could easily remove before sending my PC for repair. I also have a 10GB folder encrypted by VeraCrypt, into which I save all my sensitive data. And I do regular daily backups to external drives. But it had just never occurred to me that anyone can just click on your email client, get all your email addresses and read all the emails still stored on it! And even if I disconnected the slave drive, which contains my Windows Live storage folder, because all my emails are now IMAP, they would all just be downloaded again if anyone opened the email client while the slave drive was disconnected. And I cannot see any way round that problem at all. So if anyone has any suggestions, I would be most grateful.

    • One way to prevent people from being able to download your IMAP or POP emails is to remove the stored password from your Email program. That way anybody using your computer would have to know the password to re-download those emails. Unfortunately, Thunderbird still allows access to your already downloaded emails.

  14. Another thing to think about are “shortcuts” for your browser. The shortcuts can be easily found, copied to an external drive, then deleted from your main drive leaving just an empty folder. Shortcuts may be the most embarassing thing on your computer. If not embarassing at least it will tell them sights you frequent.

      • Sorry about using sights instead of sites. I’m at that age (over 60) that doesn’t accept new words easily. When I went to school site was a mis-spelled word. Now it is a real word. Aint wasn’t a word either bur was listed in the dictionart as a comonly mis-used abreviation for is not and are not. Times change faster than I can keep up.

  15. I have seen a couple of suggestions close to mine, but not quite the same.

    If you are talking about a corporate environment, then the standard should be that ALL work files, sensitive or not MUST only be stored on the corporate network. That way there is no sensitive data on computers that are in exposed work areas (assuming the servers have adequate physical protection) for hackers to be able to reach. And also, corporate IT is responsible for providing adequate backup of information on the servers.

    If you are talking about a personal computer then my favorite solution is to create a separate “Data” partition. This makes it easier to target files for encryption. This is half way to using an external drive.

    For home users particularly, they should look into make full use of the backup features available in Windows 8 and 10. Using the “FileHistory” tool to automatically save files to a local, but external (second) drive provides protection against physical drive death. Then using the Windows and OneDrive “Sync” feature you can have automatic ‘Offsite” backup and a “3rd” copy of each file.

    Here are some links to Win 8 and 10 specific backup articles:
    Win10’s hybrid backup system
    http://windowssecrets.com/top-story/best-of-breed-win10s-hybrid-backup-system/

    With a combination of File History and OneDrive, your files are automatically saved to three separate locations: your primary data drive, your external File History drive, and your secure OneDrive offsite “cloud” account — all in near-real time. This virtually guarantees that you’ll never lose an important file again!

    This one set of features is almost enough to encourage me to recommend that people upgrade to Win 10 . Win 10 now allows CONSUMERS to easily do a PROFESSIONAL grade total backup system.

    Win 8/8.1 Total Backup System: File History + RecImg.EXE + Refresh + SlimImage – Wiki
    http://answers.microsoft.com/en-us/windows/wiki/windows_8-files/windows-881-total-backup-system-what-ms-forgot-to/06f16f5e-6e82-4332-b39e-7d674d8fea28?tm=1414346084295

    http://www.davescomputertips.com/wp-content/uploads/2015/03/backup-now.jpg

    • Unlike Fred Langa (author of the Windows Secrets article) I’m not a big fan of Windows 10’s backup. That being said, it’s better than no backup at all, and anything that gets people to actually back up is a good thing.

  16. My apple imac wouldn’t switch on after a power cut, so I had to send it off via a technician. I had not backed up for 2 weeks, so they are going to see if they can retrieve all files , as they think something has seriously grilled inside. Now, they will have access to all passwords saved in the computer etc,
    I assume if I change my email server password ( with my mini ipad which is still working!) , at least anyone untrustworthy would not be able to change passwords on paypal, amazon etc because hopefully they would not be able to access the emails in the computer after the server password change. Whereas I am still able to access my emails myself in mail on the ipad. Therefore just changing the email server password should be enough, as apposed to having to change all shopping account passwords. For the rest of the files photos, my artworks etc , I must just hope no-one will be interested in them….

    • Although it’s unlikely that a professional technician would do something like that, there’s still a chance. Personally, I’d change all of the passwords. Changing your email password wouldn’t be enough as someone with the passwords could still buy things on Amazon clean out your PayPal account, etc., and in some cases even change your passwords, as not all accounts require a verification email or text message to change a password.

  17. Just a thought – back up everything on your hard drive using Macrium Reflect (even make an image backup), securely erase all data on your drive (you could even just reinstall Windows so it would boot.) When you get it back then you can just restore the data or the image and be ready to go.

  18. The dangerous site… That you call a number so you can get out of it……. Thank you for any help in this matter….P.S> I was able to pull out…. But now Being very carefull………

  19. I am glad you mentioned to plan ahead before your mac breaks by encrypting your sensitive data. I recently got my computer repaired after cracking the screen. Thank you for the information on how to secure your information before fixing your computer. {Link removed}

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.