Support in other languages: 
Showing results for 
Search instead for 
Do you mean 
Reply
Punch Card
TrishaK
Posts: 50
Registered: ‎02-18-2008
Location: USA
0

Does the power-on password fully protect user data?

Hi,
 
I am a T61 user.
 
First question
 
Does the power-on password fully protect user data, or could someone just boot from the optical drive or another source?
 
 
Second question
 
If I were to use full disc encryption, could I easily unecrypt it in the future?
 
Thanks in advance!
 
community supermod
erik
Posts: 5,018
Registered: ‎11-23-2007
Location: United States
0

Re: Does the power-on password fully protect user data?

the power-on password will only prevent the machine from booting.   it will not protect any data.

full disc encryption will protect your data.   if the drive is installed in another machine, a password will be required for it to work.   if the password is lost then the data is as good as gone and there is no way to recover it.

the safest way to utilize FDE is to keep backups at home or off-site (via NAS or otherwise) and use the FDE-enabled drive when traveling or away from home/office.   this way, if your thinkpad is lost or stolen then your data is safe yet you have full backups available.

i have an FDE drive with a basic OS and application installation that i only use when on the road.   i copy current project files to it shortly before the trip and sync when i get home if anything has changed.   it's safe and i don't have to worry if anything is damaged, stolen, or my password is lost.

ThinkStation C20Microsoft MVP
ThinkPad X1C · X220 · X60T · s30

Punch Card
TrishaK
Posts: 50
Registered: ‎02-18-2008
Location: USA
0

Re: Does the power-on password fully protect user data?

Erik,
 
Thank you very much!
 
May I ask what type of FDE, OS, and application that you use?
 
Very much appreciated.
Retired Moderator
vkyr
Posts: 298
Registered: ‎12-12-2007
Location: Germany, near Hamburg
0

Re: Does the power-on password fully protect user data?

[ Edited ]
As mostly with everything in life, there are pros and cons related to all sort of data protection schemes. At least in therory, everything that can be encripted may also be decripted in some way, be it via reverse engineering or some other technique. - But of course some sort of protection is always better than no protection at all, especially if you deal with lets say sensible data.

The power-on password is not a full data protection at all, to get an idea of the different password protection schemes  take a look at the following short descriptions here...

--> http://www.tech-faq.com/ibm-thinkpad-bios-password.shtml

...there are some ways to reset a power-on password and informations how to do so can be found on the net. Further it doesn't help much if somebody takes out the whole harddrive of your Thinkpad.

Performing a full HDD encription, via an embedded ATM hardware chip inside the Thinkpad, or even using some OS related encription mechanism would be more secure for sensible data, as long as you don't get hardware or software trouble with those parts, which are responsible for the build-in encription/decription scheme. So it's always also a good idea to also perform additional periodically backups of your sensible data, so if some worst case scenario might appear, that you are still be able to restore your valuable data.

Hope this gives you at least a little idea about the pros and cons of both of these security schemes.



Message Edited by vkyr on 02-19-2008 01:48 AM

ThinkPad T60/X32/600/770 · IBM IntelliStation · 3x IBM SpaceSaver II

Punch Card
TrishaK
Posts: 50
Registered: ‎02-18-2008
Location: USA
0

Re: Does the power-on password fully protect user data?

Thank you, Vkyr!
 
Your information has proved very helpful!
 
 
Retired Moderator
vkyr
Posts: 298
Registered: ‎12-12-2007
Location: Germany, near Hamburg
0

Re: Does the power-on password fully protect user data?

Above where I wrote ATM chip, I meant of course instead the Trusted Platform Module (TPM) chips, which are embedded on certain Thinkpad models.

ThinkPad T60/X32/600/770 · IBM IntelliStation · 3x IBM SpaceSaver II

community supermod
erik
Posts: 5,018
Registered: ‎11-23-2007
Location: United States
0

Re: Does the power-on password fully protect user data?

[ Edited ]
trisha, for business travel i use a 100GB hitachi 7K200 with BDE with windows vista ultimate x64.   i find 100GB is plenty for the OS and my important applications (autocad, solidworks, illustrator, photoshop, lightroom, and office) with about 50 GB of free space for files.


Message Edited by erik on 02-19-2008 12:02 PM

ThinkStation C20Microsoft MVP
ThinkPad X1C · X220 · X60T · s30

Punch Card
TrishaK
Posts: 50
Registered: ‎02-18-2008
Location: USA
0

Re: Does the power-on password fully protect user data?

Where could one purchase such a drive, Erik?
 
Thanks.
 
Trisha
 
community supermod
erik
Posts: 5,018
Registered: ‎11-23-2007
Location: United States
0

Re: Does the power-on password fully protect user data?

part numbers for the various bulk hitachi BDE drives can be found on this page.   i couldn't find any info on 7200RPM seagate FDE drives, only 5400RPM.   i prefer hitachi anyway.

ThinkStation C20Microsoft MVP
ThinkPad X1C · X220 · X60T · s30

Punch Card
TrishaK
Posts: 50
Registered: ‎02-18-2008
Location: USA
0

Re: Does the power-on password fully protect user data?

Thank you, Erik!
 
Trisha