howtogeek at April 25th, 2013 06:42 — #1
Originally published at: http://www.howtogeek.com/161444/htg-explains-why-a-windows-password-doesnt-protect-your-data/
So you’ve set a password on your Windows laptop or desktop, and you always sign out or lock the screen when you leave it alone. This still won’t protect your data if your computer is ever stolen.
themike at April 25th, 2013 11:56 — #2
i've always used truecrypt on my notebook hard drives. without the boot cd, they only thing left to do is reformat and install am operating system. i've gotten past windows log in passwords by booting with a linux cd and having access to everything.
king_wiemann at April 25th, 2013 12:56 — #3
If your hard drive (files) are encrypted with local encryption, how does that work if they are also in the cloud (e.g. Google Drive or Skybox)? Do I need to have that encryption application installed on whatever other computer I use to access my files in the cloud?
iszi at April 25th, 2013 14:01 — #4
If you only use whole-disk encryption, your data is encrypted locally but will be unencrypted in the cloud. This also means that it will be unencrypted on any other system it is downloaded to, unless that system uses whole-disk encryption.
If you use file-level encryption, or upload encrypted volumes instead of individual files, then your data will be protected both locally and in the cloud. It will also be encrypted on any other system you download the data to, and that system will have to have comparable encryption software (and whatever authenticators you've configured) in order to read the file.
geek at April 25th, 2013 14:57 — #5
Wouldn't Dropbox or Google Drive be reading the unencrypted version of the file just like any other application? Assuming you are using the built-in Windows encryption, at least.
iszi at April 25th, 2013 15:05 — #6
I'm not 100% sure, but I think you're right. In this regard, the built-in Windows file encryption (that is, encryption of individual files via EFS as opposed to whole-disk encryption via BitLocker) probably functions similarly to whole-disk encryption. The data will be sent out in its decrypted form. (I should test this to verify, sometime.)
Similarly, sending individual files from a TrueCrypt volume (including individual files from a drive using TrueCrypt whole-disk encryption) will result in those files being stored unencrypted in the cloud. The way to protect those files in the cloud would be to actually upload the volume itself.
ecurb at April 25th, 2013 18:40 — #7
One good thing is that passwords kept by Internet Explorer and Chrome are encrypted using the windows login password. If someone resets the password of just directly accesses the file system your passwords are still encrypted using the (original) password and so won't work (e.g., auto completion) on sites visited.
mark1 at April 26th, 2013 08:57 — #8
The files need to be stored encrypted if you are moving them to the cloud if you want encrypted security. Copying the files, from an encrypted volume while it is open, will not store the files in encrypted format. The encryption of the cloud provider, if any, is for their protection, not yours.
Whether you can perform volume level encryption or individual file encryption would probably depend on the cloud you're using. Likely only an issue with the former as you can usually nearly any type of file to the cloud
iszi at April 26th, 2013 09:05 — #9
Very well put. I'll have to remember that.
If you allow the cloud provider to handle encryption for you, you're putting a lot of trust in the provider and its employees. If they want, they can have just as much access to your data as you do unless you use also your own encryption tools.
donaldbailey at April 29th, 2013 07:51 — #10
If you want your files encrypted in the cloud try using https://www.boxcryptor.com/
iszi at April 29th, 2013 09:58 — #11
That's a nice solution, indeed. I love that it appears to do per-file encryption so that you can download individual files without having to do the whole volume at once.
However, aside from that, it is worth noting that you can get all the features of the paid version of Boxcryptor, and more, for free with TrueCrypt. It might not be quite so elegant in terms of working with cloud storage providers, but it's just as effective at protecting your data and it will let you protect as much of your data as you want for free.
The only other very notable restriction in TrueCrypt vs. Boxcryptor is that there's no official app for mobile devices. However, since TrueCrypt is open source, it's very possible (likely that it's already happened, even - I'm just too lazy to look right now) that someone could write their own compatible app.