Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

My Computer was Stolen. It’s Password Protected; What Files Can the Thieves See?

//
My mid-tower computer was recently stolen in a burglary. The Windows system was password protected at start-up. What files can be accessed by those trying to enter the system?

It’ll take a computer-savvy thief about five minutes to gain access to everything on your computer.

Yep. Everything.

Everything you haven’t otherwise protected, that is.

Become a Patron of Ask Leo! and go ad-free!

Physical security

There’s a fundamental concept that I remind people of from time to time. It’s simply this:

If it’s not physically secure, it’s not secure.

I normally bring that up when people have questions relating to sharing a computer, or perhaps sharing living space, and being somewhat concerned about what a roommate might or might not have access to when the computer’s owner isn’t around. Most commonly it applies to laptops and mobile devices.

The short version is that if someone has physical access to your computer, they can quickly gain access to everything on it.

Of course, computer theft is the very definition of physical access.

Gaining access

Locked ComputerThere are several ways that someone can gain access to your computer’s contents:

  • They can reboot from a CD or USB device and reset the administrative log-in password. In fact, it’s so easy, here are the instructions:  I’ve lost the password to my Windows Administrator account, how do I get it back? This is one of the things that the newer UEFISecure Boot” attempts to prevent.
  • They can reboot from a Linux live CD and access the contents of your hard drive without needing to log in to Windows at all. Again, “Secure Boot”, when it’s enabled, is intended to prevent this.
  • They can remove the hard disk from your machine, connect it to another, and once again access the contents of your hard disk without needing to log in to your copy of Windows at all.

All that should be pretty scary, mostly, because it is.

If it’s not physically secure, it’s not secure.

Keeping your data secure

So what do you do?

Well, in an after-the-fact case like you’re asking about, it’s too late. The computer has already been stolen. What’s important is that you know the data on it could be accessed by whoever has the machine now. If you have personal and confidential information on it, it’s time to assume it’s been completely compromised. It may not be. It may not be yet. It may never be. But you must assume the worst.

There are three approaches to prevention:

  • Secure the machine.
  • Encrypt the hard drive.
  • Secure your data.

Secure the machine

Securing your machine means doing things like bolting it down, attaching it to something with a security cable, or putting it in a locked room or cabinet. (Make sure that the machine has enough ventilation if you put it in any enclosed space.)

These aren’t perfect solutions, as a very determined thief might still circumvent these measures, but they’ll at least stop the casual burglar by making it easier to steal something else.

Encrypt the hard drive

Encrypting the entire hard drive using whole-drive encryption is one way to protect the contents of your entire system.

If a thief cannot log in to your machine, then booting from something else, or even moving the hard drive to a different machine completely, doesn’t help them get at your stuff. Once it’s encrypted, all they would see is random, nonsensical data.

There are two approaches to whole-drive encryption: system-provided, and third-party-provided.

System-provided solutions, like BitLocker in Windows1, use encryption keys based on your system login to encrypt the hard drive. If you can’t log in, then you can’t access your data. The bad news here is that it’s tied to your log-in account. If you lose your log-in account for any reason, you can lose access to your data. Fortunately, in BitLocker’s case you are encouraged to back up the encryption key separately, which would presumably restore access. (Of course, you should be backing up your data as well.)

Third-party tools like TrueCrypt or the supported derivatives, like VeraCrypt, also support whole-drive encryption. This is independent of your system login, and typically relies on selecting an appropriately secure passphrase to decrypt the drive and boot your system.

Important: your data is fully secure only if you log out. As long as you are logged in and are able to access your data yourself, it’s available in unencrypted form. That means you likely want to avoid states like Sleep or possibly even Hibernate, neither of which is an actual logout.

Also important: BIOS or other pre-boot passwords may or may not be a form of protection. Some, but not all, may include hard disk encryption. You’ll have to check your system’s documentation to determine what the case is for your specific machine.

Encrypt your data

The good news about whole-drive encryption is that once enabled, it’s relatively transparent. The bad news is that losing access to your data can be a tad easier, and depending on the technique, completely encrypted drives can be somewhat less resilient to hardware failures.2

The compromise is to encrypt only parts of what you keep on the machine: your data.

There are three approaches I’d consider:

An encrypted partition. This uses whole-disk encryption to encrypt only a separate, non-boot partition on which you keep your data.

An encrypted vault. This uses TrueCrypt or VeraCrypt to create an encrypted “vault” that, when in use, looks like a separate partition.

An encrypted cloud folder. This uses a tool like BoxCryptor to perform file-by-file encryption of the contents of one or more folders on your machines. While it’s intended to secure the data you place in the cloud – and, indeed, you might already be using it for exactly that purpose – it secures that data on your machine as well. There’s no requirement that you use a cloud service to use a tool like BoxCryptor to encrypt sensitive data on your machine.

It’s about more than your desktop

Everything I’ve just described applies to more than your computer at home. Yes, it could be stolen, but in reality, if you travel at all, there’s a bigger risk.

Your laptop.

For a variety of reasons, an incredible number of laptops are lost or stolen each year. On each of those is data – often sensitive data – that the thief or finder can then access should they have a mind to. (Thankfully, most do not, as they’re more interested in reusing or reselling the hardware, but the risk of data exposure remains very real.)

At a minimum, the techniques I’ve described above should be considered for any laptop or mobile PC. Applying the same techniques to your computers at home will simply give you added security from the same types of threats.

What I do

What I’ve done has changed over the years.

Originally, I simply used TrueCrypt to create an encrypted vault on my laptop, and placed all of my data in it. This was convenient for a variety of reasons, mostly involving the ability to move data around on my various devices in pre-cloud days.

Today, I use a multi-pronged approach:

  • I use BoxCryptor to secure the data I place in my cloud service provider (a service similar to DropBox or OneDrive). The side effect is that this data is automatically encrypted on all the computers on which I choose to place it.
  • I now use whole-disk encryption on my laptop. This decision came from thinking through the scenarios where whole-disk encryption adds risk, and protecting myself by backing up and saving encryption keys appropriately.
  • I went all-in and now use whole-disk encryption on my desktop. Having thought through the issues, this amounted to a “why not?” kind of decision, to increase my security should my desktop machine actually ever be stolen.

While TrueCrypt is no longer part of my day-to-day strategy, I’d have no hesitation using VeraCrypt, a supported TrueCrypt successor, if a scenario called for it.

Podcast audio

Play

Footnotes & references

1: Or FileVault, on a Mac.

2: Yet another reason to ensure that you’re backing up everything regularly.

26 comments on “My Computer was Stolen. It’s Password Protected; What Files Can the Thieves See?”

  1. I find this password protection akin to that lock on the door of your home. Enough protection against a casual passerby but pick-able to a seasoned burglar. And of course total annoyance to you when you have forgotten the key.

    I totally agree with Leo that encryption is the real protection but would add that do not leave the key on the machine itself. And don’t forget it either. Encryption works better when the key is long and not easily guessable and that includes using difficult but words in a common dictionary. That is a real temptation to leave the key somewhere near by defeating the purpose.

    Goes on to prove that it is not easy to protect your possessions.

  2. This is one reason I don’t leave my passwords for online services (like my e-mail account) on my computer. That means I have to type them in when I access those services, but no one would automatically get access just because they stole my computer.

    I have used WinZip to archive things with it’s password, and I’ve had occasion to try to break some of my old, forgotten passwords from those archives. While it is possible to do so, it probably wouldn’t have been possible if I hadn’t had additional knowledge about what was in the archives. So, I guess it gets a mixed review as a protection scheme.

    TrueCrypt sounds like a good option and I’ll have to try it.

    Thanks for the info, Leo!

  3. There is a third option, you can install a hard drive drawer (hard drive mobile rack). Envision a drawer in your kitchen. It slides on rails installed in the cabinet. You can remove the drawer from the cabinet and carry it wherever you like. You can slide a different drawer into the cabinet or reinstall the original. You can do the same with your computer. You install the slide rails in an empty bay, install your HD in a removable drawer (insert), and you can remove your HD at will (when the computer is off). Now you can lock your HD, and your encryped data, etc., in your floor safe, or hide it somewhere. Kingwin and others make them; TigerDirect and many others carry them; just google it.

    This has other advantages. You can have a Linux HD, a Vista HD, a Win98 HD, etc. Your spouse can have their own HD, each child can have their own HD, your grandkids can have one. Never again will the grandkids mess up your HD when you let them play games on the computer. They’ll have their own HD to mess up.

  4. Identity and password theft is very common those days, bringing loss to individuals and companies. Hackers sit for hours and hours trying to break passwords to log into your private accounts stealing important information such as credit card numbers among others. Now there are sofisticated tools for such tasks making life easier for hackers. It is easy to guard yourself against password and identity theft if you follow some very easy and simple steps.
    To avoid identity and password theft, we should use complex and different passwords for all of our accounts. Then comes the importance of a password manager. Use a safe password manager like EXQUIPASS to remember those complex passwords. Also we should keep in practice changing our passwords every week or every fortnight. For that, we definitely need a password manager. I prefer Exquipass since it is straight forward and secure. Link for this is: http://www.exquisysltd.com/productinfo.php?p=DA01EX
    With a tool like Exquipass, you can leave your password file everywhere, nobody will be able to get your passwords even if it is left on your computer. It strongly encrypts your private data and the best way to protect sensitive is definitely encryption.

  5. I forgot to add!! With Exquipass, you can even carry your password files on an external media so if your computer is stolen, you can easily retrieve your login details later.

  6. I agree with Guy and add this: for non-Windows OS’s you can have your HD as a UFD(flash drive) which is more easily carried around. Not only this, let the kids learn about an operating system that has most of the capabilities they actually need: e-mail, video/audio players, Internet access.
    There are limitations, but let them explore the “free” world a bit before they become a close-minded drone of Microswab or Crapintosh.
    Of course, there are numerous professional software programs(as well as a large number of entertainment applications) strictly functional and optimized for the paid OS’s.
    I would like to have the hard drive in my laptops safely and easily(quickly) removed from time to time. Guy’s suggestion would allow me to both keep my OS hard disk in safe custody(namely, my own keeping) and to connect it to another for backup purposes.

  7. also i believe if the theif knows about the startup menu then they can access if put th computer in safe mode then go in and change the password and restart the computer enter there new password and access anything on that computer

  8. I find it hard to believe that the admin password can be changed from safe mode? But what if the system setup is password protected and booting from anything other than the HD is disabled?
    My PC was just recently stolen and I’m hoping that having the system setup pword protected, windows admin pword protected, and most of my folders windows encrypted, will at least make it hard enough that they will give up? My understanding is that if they can’t get into setup, then they wont be able to boot from the CD and run anything that will llow them to view files etc???

    They could remove the hard drive and place it into a machine that is not BIOS password protected, and then use a administrator password reset utility to gain administrative access to the contents.

    Leo
    25-Sep-2010

  9. Quick followup question: Suppose I have legitimate full disk encryption enabled (one way or another) and I step away from my computer for a moment. The screensaver activates. A thief takes the computer and tries to get past the screensaver password prompt.

    Is the data still safe in this scenario? I’m guessing this is a bit of a stupid question, but it’s because I don’t understand some aspects of individual-file vs. whole disk encryption.

    Thanks!

  10. @JBL
    If the thief gets through the screensaver password without turning the computer off, it’s possible that he can access your files depending on the encryption settings.

  11. One thing I’d add that you should do after you’ve had your computer stolen: change the passwords to all of your important internet accounts. In most cases, this probably is overkill, but you never know if you have the passwords residing somewhere on your drive.

  12. Absolutely everything on my computers are in Dropbox. I realise that this would be accessible once a thief got into my system but if I was able to change the Dropbox password very quickly would this do the job?

    • Changing your Dropbox password quickly is definitely something you’d want to do and would prevent others from accessing. That said, most people have local folders synced with Dropbox, meaning the files are both on the laptop/PC *and* Dropbox. If this is your case, then the thief still has access to the files themselves. Unless, as Leo stated, you have your local files encrypted.

  13. The chances are just as good that the thief just wants to fence the hardware and stealing your identity etc isn’t as important as wiping it and selling it to somebody cheap where it ends up on Craigslist as a ‘refurbished computer’. Fencing the physical hardware is a lot less risky than going through the trouble involved in extracting your identity vs. just breaking it up for parts sales or wiping, I would stand to bet.

    Think of the jail time for ID theft compared to petty theft (or is it petit? I’m not Perry Mason, although one of my classmates was the chief of police for over 20 years).

  14. Chromebook and a good password. Even if you lose the device, you get to keep your data.

    Remember, it’s not the device that has the value, it’s the data your device contains that’s the really important stuff.

  15. My data is stored on CCD hard drives. CCD’s produce neglible heat so they do not need cooling and therefore operate in an enclosed space. My hard drives are located in a locked, fire proof safe bolted to an external wall and are accessed using simple extension cables that pass through small holes drilled in the safe (of course some cutting and joining of cables is required to keep the access holes to minimal size so as not to compromise the fire proofing of the safe). If my computer is stolen, or the house burns down, only the hardware (minus hard drives) is lost; the data and the discs are in the safe from all but extreme circumstances.

  16. WOW, someone else as diehard as I am – put the drives in a SAFE!
    I did that; western digital MyCloud, and also an attached USB drive.

    I use Syncovery, a synchronization program which can encrypt/zip the destination files, so even if they broke into the safe, the files are encrypted.

    I use Bitlocker on newer windows 10 machines, for encryption; I use Veracrypt for some external USB drives.

    for people that state that encryption/protection is hard; it is only inversely as hard as your desire to protect your data. if you put in redundant backup methods, with encryption on that end also, such as zipped files, drivecrypted files, etc, keep your bitlocker password/file stored separately, keep passwords in a password manager program such as KeePass, you’ve done everything you can to protect yourself up to an Electromagnetic Pulse attack !

    it is a pain sometimes to follow all this stuff, but the reason you ahve to do this is not because of you or your use of the machines, but because of the scammmers/hackers/thiefs that want to steal your data. So, if your data is valuable (and PHOTOS are valauable, if a ransomware attack screws up your photo collection, you lose family photo’s), then you need to take steps to protect it.

    but once you get into the habit, it is not too bad

  17. My family think I’m paranoid because I take my laptop with me every time we leave the house. If someone remains at home, i might leave the laptop, but take my flash drive which has a copy of everything on the laptop.

    We have other laptops which remain in the house sitting very visibly on the table, despite the fact we have previous experience of laptop theft from the same location. No one is listening. They prefer the convenience of starting back just where they left off without having to set up and log back on again.

  18. As a disabled (TBI) victim of “ID-THEFT”, I wish to ask Leo a VERY SPECIFIC question about someones’ mal-intentions in taking a picture of my PC during the “boot-up” phase & most certainly would make a pledge. My financial institutions accounts compromised numerous times this year tell me he wasn’t “HELPING” me but perhaps himself & if the answer(s) lead to arrest I would more than pledge as ever since I saw your site I have been looking for it 3 months! I will pledge regardless just to hear your feedback as I was deceptively taken advantage of when the person knows my disability and I now have heard there is a pattern here. I ask your personal feedback 1st and not to be published please. Respectfully, FRUSTRATED IN CT (Attorney & FTC involved)

  19. Is there any way to TRULY wipe a hard drive (or any kind of storage device) because ALL current systems of data I know of only OVERWRITE every thing with random characters?
    That results in loss of total storage capacity of the hard drive or storage device.

    • Wiping doesn’t use up any of the drive’s storage capacity. The only safe way to wipe a hard drive is to overwrite the drive with random characters. When this is done, the overwritten space is made available to the system to write new files.

  20. My laptop was held for Ransomware last week by a individual who passed himself off as a technician with Acer. I had to agree to
    pay him to be able to access my computer He has threatened me that if I do not pay he will prevent me to be able to access my
    laptop. My question is can he still have access to the computer if it is locked and not connected to the Internet. I removed it from
    the Internet. I just purchased this laptop in April 2018 and invested a good amount in it. I al also getting my Internet provider to
    change my IP address as a precaution. My question for you is can anyone access the computer if it is locked and not connected
    to the Internet

    • As long as you remove the malware, he won’t be able to access your machine. Unfortunately the only way to be 100% sure the malware has been removed it to do a complete reinstall of Windows and all of your programs from scratch.
      https://askleo.com/how_do_i_remove_malware/

      To reinstall Windows, take a system image backup, perform a reformat and install of Windows, install all of your programs from their installation media, and finally, copy all of your usable data files from the backup. If they’ve already been encrypted by the malware, there’s no need to restore them because they’re unrecoverable.
      https://askleo.com/how-should-i-back-up-my-computer-before-an-operating-system-upgrade/

      Once everything is restored, do a system image and daily incremental backups to be able to recover from almost anything which can happen to pour computer.

      If you had a system image backup, you would have been able to restore to a point before the malware was installed.

    • It depends on the ransomware, but typically once your computer has been infected by this malware it doesn’t matter if you’re online or off. When it’s not connected to the internet it cannot be connected to via the internet.

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.