Securing Your Data With Encryption
What is Encryption?
My dad had his laptop stolen a while back. What really made me feel bad was that he had lots of personal files on there – family pictures, work documents, emails, etc. The laptop thief can very easily access and browse these files.
Even though my dad used a password to access Windows, the thief should have no trouble accessing his files in a number of different ways, two of which are very obvious and easy:
- The thief can create his own Windows login and browse the hard drive
- The thief can remove the hard drive and plug it into another computer. He can then use this computer to access the files
The reason it’s so easy for the thief to access the files is that the average home computer or laptop stores data in an unencrypted fashion. Encryption is simply a way of jumbling up your files so that they can only be read with a special password.
Imagine you wrote down a word like “cat”. Pretty easy to read, huh? But what if instead you wrote down “3.1.20”, each number corresponding to a letter’s position in the alphabet (so “c” is 3, etc.). This would be a very basic form of encryption. To protect your files, computers can actually do much more secure encryption (think of turning each character of your data into 256 characters of seemingly jumbled garbage), and do it on-the-fly!
If your computer uses encryption, every time it writes some data to the hard drive it will first turn it into a long series of characters. Every time it reads this data, it will automatically turn it back into your unencrypted data. Remember: computers are good at one thing above all else – math. The computer will do all this heavy lifting without you even knowing it’s there.
Going back to my story, if my dad’s laptop had its hard drive fully encrypted, the thief would not be able to access anything. All the files on the hard drive would just appear to be a jumbled mess of characters. Without the encryption key (essentially the password used to turn the jumbled data back into regular data), the thief would never be able to read my dad’s files.
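The on-the-fly behaviour described above, as an added example (not code from the original post, and not how BitLocker or TrueCrypt are implemented): a toy Python disk that encrypts every sector on write and decrypts it on read. The class name, the sample password and the HMAC-based keystream are assumptions made for illustration.

```python
import hashlib, hmac, os
SECTOR = 512  # bytes per sector on this constructed toy disk

class ToyEncryptedDisk:
    """Toy model only: an HMAC-SHA256 keystream stands in for the ciphers
    (such as AES) that real disk encryption uses. Not for real data."""

    def __init__(self, password, sectors=8):
        self.raw = bytearray(SECTOR * sectors)  # the bytes physically on the drive
        self.salt = os.urandom(16)              # stored in the clear in the header
        self.key = self._derive(password)
        self.check = self._tag(self.key)        # lets unlock() reject wrong passwords

    def _derive(self, password):
        # Deliberately slow derivation makes password guessing expensive.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def _tag(self, key):
        return hmac.new(key, b"header-check", hashlib.sha256).digest()

    def unlock(self, password):
        key = self._derive(password)
        ok = hmac.compare_digest(self._tag(key), self.check)
        self.key = key if ok else None
        return ok

    def _keystream(self, sector):
        blocks = (hmac.new(self.key, f"{sector}:{i}".encode(), hashlib.sha256).digest()
                  for i in range(SECTOR // 32))
        return b"".join(blocks)

    def write(self, sector, data):
        # Encrypt on the way to the drive; the caller only ever handles plaintext.
        plain = data.ljust(SECTOR, b"\0")[:SECTOR]
        cipher = bytes(p ^ k for p, k in zip(plain, self._keystream(sector)))
        self.raw[sector * SECTOR:(sector + 1) * SECTOR] = cipher

    def read(self, sector):
        # Decrypt on the way back; raises if no key is loaded (self.key is None).
        cipher = self.raw[sector * SECTOR:(sector + 1) * SECTOR]
        return bytes(c ^ k for c, k in zip(cipher, self._keystream(sector)))

def demo():
    disk = ToyEncryptedDisk("correct horse")    # constructed sample password
    disk.write(0, b"family pictures, work documents, emails")
    stolen = bytes(disk.raw[:SECTOR])           # what a thief reads off the drive
    wrong = disk.unlock("guess123")             # False, and the key is discarded
    right = disk.unlock("correct horse")        # True, key re-derived
    return stolen, wrong, right, disk.read(0).rstrip(b"\0")
```

`demo()` returns the raw sector as the thief would see it, the result of a wrong and a right password attempt, and the plaintext recovered after a successful unlock.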
How It Works
To encrypt your data, you typically just set it up once using some software. Once the encryption is set up, you’ll never really notice it’s there anymore – your computer runs like usual. The one exception is that going forward you’ll have a password you need to type in to access your computer (literally the second you turn on your computer, it will ask for this password…even before Windows loads).
Important Note: Encryption can be a bit dangerous. If you encrypt your hard drive and then forget the password/encryption key, your data is lost forever. No one will be able to recover it. For this reason, it is crucial that you do not forget your encryption password or at least write it down in a secure location. I keep my encryption keys stored in my safety deposit box (since hopefully I’ll never need to refer to them). Writing them down and sticking them to your computer would completely defeat the purpose of encrypting your data.
There are two main methods that everyday people can use to encrypt their hard drives: Windows BitLocker and TrueCrypt.
Windows BitLocker
Windows BitLocker is built into the “Ultimate” edition of Windows 7. (If you ever wondered what the differences between Windows 7 “Starter”, Windows 7 “Home Premium”, Windows 7 “Professional” and Windows 7 “Ultimate” were, BitLocker is one of them.)

As you can see from this screenshot, BitLocker looks and feels very much like the rest of Windows. It’s also pretty easy to set up. You just launch BitLocker and click the “Turn On Bitlocker” button. BitLocker then walks you through some options (such as picking a password) and you’re ready to go.
BitLocker has two annoying characteristics which make me not recommend it:
- Most everyday users do not have Windows 7 Ultimate edition installed, and hence do not have BitLocker. In order to get it, they would have to upgrade Windows to the Ultimate edition, for a cost of usually around $100
- You typically need to have a special microchip called a Trusted Platform Module (TPM) installed in your computer in order to encrypt your main system drive (the hard drive letter that Windows is installed on, which for most people is C: or the “C Drive”). Without a TPM, you’ll need to use a workaround to get BitLocker to encrypt your system drive and you’ll need to have a USB stick plugged in at all times to use it. This is way too confusing for the everyday user!
TrueCrypt
TrueCrypt is an open-source (i.e. free for public use) encryption program. It works very similarly to the way BitLocker works – you set it up, and then forget about it (except for the password when you start your computer).
TrueCrypt is free, it doesn’t require you to upgrade Windows, it doesn’t require a special TPM chip (like BitLocker does), and it will actually install on most versions of Windows (as opposed to just the latest ones).
You can download TrueCrypt here: http://www.truecrypt.org/downloads

Once installed, it looks like this. Since it is not a Windows program, it unfortunately does appear a little more daunting than BitLocker. Believe it or not, it’s actually pretty straightforward to encrypt your system drive (for most users who just have one “C Drive”, this will accomplish the task of encrypting your whole system).
Just click the “System” menu and then click “Encrypt System Partition/Drive”. TrueCrypt will then walk you through the installation process. As part of the installation, TrueCrypt will force you to burn a recovery CD (or DVD). This disc will be the only method you can use to recover your data if your hard drive gets damaged. Knowing the password/encryption key will NOT be enough. I store my recovery CD in my safety deposit box, right next to my written down password/encryption key.

Once done, your computer will now display this TrueCrypt password screen as soon as it turns on. You simply type in your password/encryption key and hit Enter. Your computer then boots as usual.
If a thief eventually steals your computer, this unassuming and austere screen will inform him that no matter what he does, there is no way he will ever read the contents of your hard drive. You gotta love that!