the power-on password will only prevent the machine from booting.   it will not protect any data.

full disc encryption will protect your data.   if the drive is installed in another machine, a password will be required for it to work.   if the password is lost then the data is as good as gone and there is no way to recover it.

the safest way to utilize FDE is to keep backups at home or off-site (via NAS or otherwise) and use the FDE-enabled drive when traveling or away from home/office.   this way, if your thinkpad is lost or stolen then your data is safe yet you have full backups available.

i have an FDE drive with a basic OS and application installation that i only use when on the road.   i copy current project files to it shortly before the trip and sync when i get home if anything has changed.   it's safe and i don't have to worry if anything is damaged, stolen, or my password is lost.

As mostly with everything in life, there are pros and cons related to all sort of data protection schemes. At least in therory, everything that can be encripted may also be decripted in some way, be it via reverse engineering or some other technique. - But of course some sort of protection is always better than no protection at all, especially if you deal with lets say sensible data.

The power-on password is not a full data protection at all, to get an idea of the different password protection schemes  take a look at the following short descriptions here...

--> http://www.tech-faq.com/ibm-thinkpad-bios-password.shtml

...there are some ways to reset a power-on password and informations how to do so can be found on the net. Further it doesn't help much if somebody takes out the whole harddrive of your Thinkpad.

Performing a full HDD encription, via an embedded ATM hardware chip inside the Thinkpad, or even using some OS related encription mechanism would be more secure for sensible data, as long as you don't get hardware or software trouble with those parts, which are responsible for the build-in encription/decription scheme. So it's always also a good idea to also perform additional periodically backups of your sensible data, so if some worst case scenario might appear, that you are still be able to restore your valuable data.

Hope this gives you at least a little idea about the pros and cons of both of these security schemes.



Message Edited by vkyr on 02-19-2008 01:48 AM

Above where I wrote ATM chip, I meant of course instead the Trusted Platform Module (TPM) chips, which are embedded on certain Thinkpad models.

trisha, for business travel i use a 100GB hitachi 7K200 with BDE with windows vista ultimate x64.   i find 100GB is plenty for the OS and my important applications (autocad, solidworks, illustrator, photoshop, lightroom, and office) with about 50 GB of free space for files.


Message Edited by erik on 02-19-2008 12:02 PM

part numbers for the various bulk hitachi BDE drives can be found on this page.   i couldn't find any info on 7200RPM seagate FDE drives, only 5400RPM.   i prefer hitachi anyway.