With power-on passwords and login passwords available, what's the value of hard drive encryption?

Anyone who's determined to gain access to a drive is going to be able to bypass BIOS passwords or Windows passwords in just a couple of minutes. There are tools available to actually automate the process

Requires Free Membership to View

in both areas. I've written about it, and there's some pretty extensive resources available about bypassing BIOS passwords and how to crack operating system passwords.

Storage security information
Compression, deduplication and encryption: What's the difference?

Mobile device security in six simple steps

Five must-have storage security testing tools

The fact is most people don't use power-on passwords anyway, because it's just too inconvenient. Many of the computers I see don't even have passwords to log on to the local operating system or into the network. And, if they do, all it takes is using a tool, such as the free Ophcrack LiveCD, and literally within a matter of minutes passwords can be cracked or reset and the hacker has full access to the system and the drive. There are even ways to access large storage environments by breaking into management consoles, gaining access to servers using Metasploit, etc.

So, to answer your question, storage encryption is the final layer of protection when all of these other things have failed.

Check out the entire Storage Encryption FAQ guide.


This was first published in October 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: