
Securing Your Computer with Full Disk Encryption

By Jonathan Robertson
Dec 19, 2016

Several years ago, my wife and I had our world rocked a bit when someone broke into our house. They took some inconsequential things here and there, but the truly dangerous item they snagged was our MacBook Pro (our primary computer at the time).

We reacted by changing all of our passwords and marking it as an ‘unsafe computer’ on the services with that kind of feature. We also turned on the “Find My Mac” feature and set it to wipe the hard drive immediately upon detection, but it never showed up on the internet.

At that point, there was nothing more we could do to protect our data and we had no assurance of its safety. We could only hope the thief reformatted our hard drive before hawking it.

The Problem

Have you ever worried about what might happen to the data on your computer if it got stolen?

The user login page for Windows can’t protect your data in a significant way if your computer is stolen, and the same is unfortunately true for macOS.

A Solution: Full Disk Encryption

While it would be ideal for your computer to never get stolen in the first place, this kind of thing will sometimes just happen.

Setting up full disk encryption ensures that all of the data on your drive is encrypted - your documents, videos, pictures and even those files your programs store automatically (such as your browser’s cache and cookies).

This isn’t the only solution out there, but it’s a darn good one and certainly goes a long way to put my own mind at ease.

Key Safety and RAM

Full disk encryption keys (passwords used to encrypt/decrypt data) do stay in RAM when your computer is locked or in sleep-mode. This leaves your key(s) vulnerable to things like a Cold Boot Attack.

If you need to step away from your computer for an extended period of time and you use encryption, it’s generally recommended to go into Hibernation-Mode or power down. Hibernation will dump your RAM to a file on your hard drive (requiring you to enter your key again on wake) while powering down flushes your RAM.
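A check for this on macOS, added here as an example (not from the original post): it reads text in the format `pmset -g` prints and flags settings that leave RAM powered, or the FileVault key retained, during sleep. The sample settings are constructed, the function name is made up for this example, and the meanings of `hibernatemode` and `destroyfvkeyonstandby` are those given in the `pmset` man page.

```shell
#!/bin/sh
# Added example: audit macOS sleep settings for disk-encryption keys left in
# RAM during sleep. Input: text in the format printed by `pmset -g`, on stdin.
# Prints one finding per line; returns 0 if nothing is flagged, 1 otherwise.
audit_pmset() {
    settings=$(cat)
    # Print the value of one setting (first field is the name, second the value).
    get() { printf '%s\n' "$settings" | awk -v k="$1" '$1 == k { print $2; exit }'; }
    hib=$(get hibernatemode)
    destroy=$(get destroyfvkeyonstandby)
    rc=0
    case "$hib" in
        25) echo "OK: hibernatemode 25 (memory written to disk, RAM powered off)" ;;
        3)  echo "WARN: hibernatemode 3 (RAM stays powered during sleep)"; rc=1 ;;
        0)  echo "WARN: hibernatemode 0 (plain sleep, RAM stays powered)"; rc=1 ;;
        *)  echo "WARN: hibernatemode '${hib:-unset}' not recognised"; rc=1 ;;
    esac
    # The man page states the FileVault key is retained on standby by default,
    # so a missing line is treated the same as 0.
    if [ "$destroy" = "1" ]; then
        echo "OK: destroyfvkeyonstandby 1 (FileVault key destroyed on standby)"
    else
        echo "WARN: destroyfvkeyonstandby ${destroy:-unset} (FileVault key kept in RAM)"
        rc=1
    fi
    return $rc
}

# Constructed sample inputs, not captured from a real machine.
SAMPLE_DEFAULT=' standby              1
 hibernatemode        3
 powernap             0'
SAMPLE_HARDENED=' standby              1
 hibernatemode        25
 destroyfvkeyonstandby 1'

printf '%s\n' "$SAMPLE_DEFAULT" | audit_pmset || true
# On a Mac, audit the live settings with: pmset -g | audit_pmset
```

Both settings are changed with `sudo pmset -a hibernatemode 25 destroyfvkeyonstandby 1`; waking then takes longer because memory is read back from disk.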

VeraCrypt (Windows, macOS, Linux)

VeraCrypt is a standalone program forked from the no-longer-maintained TrueCrypt. So far, it’s done a great job of addressing the vulnerabilities of its ancestor (ref: 1, 2) and is actively maintained/developed by the fine people at IDRIX.

Availability
Recovery

During setup, you’ll be required to create a rescue disk to protect against the boot-loader or other components of your operating system becoming damaged. This doesn’t decrypt your drive or volume, however.

BitLocker (Windows)

BitLocker is a full disk encryption solution built into Windows that’s commonly recommended for its convenience.

Recent Security Vulnerability

Within this past month, BitLocker has come under scrutiny due to a serious vulnerability. Microsoft is usually good about addressing security issues and, as the article states, a fix is currently being worked on by Microsoft.

Availability
Recovery

FileVault (macOS)

FileVault is a full disk encryption solution that’s built into macOS and generally recommended for the same reasons BitLocker is for Windows users.

Availability
Recovery
Bonus

You may want to take this a step further and set up a Firmware password, which would prevent a thief from reaching your recovery options in the first place. This also has the added benefit of requiring the firmware password before your drive can be reformatted (i.e. to wipe and prep for sale).

Hope you find these tips helpful. You can never be too safe when protecting your data!