How is it possible that you can change your Windows password without re-encrypting a hard disk that was encrypted using that password?
I’ll assume you mean BitLocker whole-disk encryption, but the concept applies to many different encryption tools. You can often change the password (or passphrase) without needing to re-encrypt whatever it is you’ve encrypted.
The secret is simply this: your password wasn’t used to encrypt the disk.
One of the hidden issues in online storage is privacy. Almost all online storage providers have the ability to examine your data or hand it over to law enforcement even if the provider has encrypted your data.
Hopefully, most of us will never have to deal with the law-enforcement scenario, but even the realization that a rogue employee at an online data storage provider could peek into what we keep online can cause concern. For some, it’s enough concern to avoid using cloud storage at all.
The solution is simple: encrypt the data yourself.
Unfortunately, implementing that “simple” solution isn’t always that simple or transparent, and can add a layer of complexity to online storage some find intimidating.
BoxCryptor is a nicely unobtrusive encryption solution that is free for personal use.
I regularly hear concerns about using cloud storage — the biggest being that online files are at higher risk of compromise should your account or the storage be hacked. There are also concerns that your storage provider could be required to hand over your files to law enforcement agencies under certain circumstances.
Those are all valid concerns.
Cryptomator is a free encryption solution that addresses them.
How does one secure a hard drive while sending the computer to a repair facility? I have personal financial information on my hard drive and will just a password provide sufficient protection while the computer is in the shop? After the fact, is there maybe a way to find out if someone has copied the files?
What you’ve presented is actually quite a dilemma.
To answer the second part first: no. There’s simply no way to determine if your files have been copied – at least not in any way that absolutely says they were copied with malicious intent.
The problem is, there’s really no fool-proof solution to your scenario. In fact, I’ve heard of companies occasionally electing not to repair a hard drive, because it meant that sensitive data might be visible to repair technicians.
Your options to secure a hard drive are limited, but if you can plan ahead, there’s a chance.
Hi, Leo, when I logged on to eBay it’s using https. But when I then move off the sign-in page, it’s evidently no longer https; it’s plain old http. If we’re traveling and we use Wi-Fi, will our eBay activities be secure?
Your instincts are right. An http page does not provide a secured connection. This is a very important thing to realize about the difference between http and https. The fact that eBay uses https for the login means that yes; your login at least is protected. That means someone in an open Wi-Fi hotspot, or with some other kind of network access, can’t easily sniff the traffic and determine your eBay login credentials. That’s a good thing.
However the fact that after you log in it switches back to http means that the rest of your activity is not protected by encryption.
Before I raise heck in the house, would you please answer a question? We have several computers in our home. Recently, I have seen “Spy PC 7.0 Quick Start Guide” in the home. I don’t mind if the owner of this booklet uses it on his/her machine, but not on anyone else. Can this be installed on other personal computers (which are usually password locked)?
The short answer is yes, absolutely. I think you’re right to be concerned.
I also think there’s an exceptionally important lesson here for everyone.
I often talk about computer failures of various sorts and what you should be prepared for: the crash that happens just before you save your document to disk, the failure that renders a disk completely unreadable and unrecoverable, or the computer that dies the true death taking all of your data with it.
You know the drill. Hopefully by now, you’re prepared for that.
But by being prepared for that, you’re actually only ready for one half of a somewhat-related disaster.
What identifying signatures are given off by my laptop when I’m connected to a wireless network? I’m sure that my WiFi card, hard drive, Windows ID, and other identifying information is broadcast, but what is it? Would I guess that a traffic sniffer would show the make and model of my computer? Or does it go deeper than that?
Actually, it doesn’t go that deep at all. In general, it’s not as much information as you list… as long as you’re doing things right.
When I travel and use a site like Hotspot Shield or another service, how does my information get encrypted? Does the site send an encryption key that encrypts my data before it leaves my computer and then decrypts it with a key only it and my computer knows?
I have the same question regarding my “secure” online banking transaction when I’m at home on my secured wireless network. Does the bank send my computer a key to encrypt my data before it leaves my computer to go through my secured wireless LAN? I plan to travel overseas shortly and I’m very concerned about using my computer for sensitive transactions while overseas.
You’re mostly right, but you’re also overlooking an important step in that process. How do you exchange that encryption key securely before the encryption has been set up?
In other words, how do you send someone a password securely if the only thing that they would have to make it secure is knowing that password before they got it?
The problem is that you need to encrypt to exchange data securely, but you can’t encrypt until you’ve exchanged the encryption key. It’s a classic chicken and egg problem.
Let me explain what happens here at a very high level.
My business requires the emailing of some sensitive information on a regular basis. I have spoken with my boss and co-workers about all of us using an encrypted email system, but no one seems to think there is a significant threat or danger out there to require these extra steps in security. Can you offer any data to help me convince them that this is a good idea?
Actually, I don’t have hard data to say one way or the other. The risk varies too much on too many factors to really present data that’ll apply in any specific situation.
But we can definitely look at some of the specific factors.
TrueCrypt comes up frequently in Ask Leo! answers. Many people are concerned about things like privacy, identity and data theft, particularly on computers or on portable devices where they might not always have total physical control of the media.
Someone might gain access to sensitive data stored on your computer.
Encrypting your data renders that access useless, even when your computer or your thumbdrive falls into the wrong hands.
And TrueCrypt makes it not only easy, but nearly un-crackable.
Since TrueCrypt development has halted and no fix is likely forthcoming, I can no longer recommend its use.
My tentative understanding is that VeraCrypt is a free, compatible, and supported alternative, based on a fork of the original TrueCrypt code. And yes, these most recent vulnerabilities are supposedly fixed therein.
IMPORTANT: On May 26th, 2014 TrueCrypt development was abruptly and somewhat mysteriously halted. While I still use and recommend TrueCrypt, please also read Is TrueCrypt Dead? for what happened, and any late-breaking updates.