One of the best ways of keeping people out of your private accounts or preventing unauthorised local access to your personal information is by not letting them on your Desktop or Laptop in the first place, but how do you go about it? Well, it’s straightforward, you create a password! Is that it?, well ‘sort of’, is the response I usually get. Of particular interest is one of the most common misconceptions “I like to call it – False Sense of Security!”, that is, colleagues who usually boast their user profiles are impenetrable because they have ten+ (10+) character long passwords, but then again, what happens if passwords fail you? Ask me and I will tell you it’s simple! Securing your data with VeraCrypt is a good starting point!
Keeping one’s personal information or data safe doesn’t have to be difficult for as long as you keep the sensitive stuff encrypted and under your control. VeraCrypt is an open source based disk encryption and decryption software that was developed to handle this! It runs on Windows, Mac OS X and Linux Operating systems and is a descendant of TrueCrypt. It’s developers claim to have addressed some of the issues that were raised during TrueCrypt’s initial security audit (see earlier post on TrueCrypt).
Some of its features are entire drive or storage encryption, that is, full hard drive, USB / External drive encryption. With VeraCrypt one can also encrypt a partition or drive where Windows is installed and even create a hidden partition within another partition, let alone hide volumes on data discs. It must be noted though that, Windows 8 with UEFI or GPT is not supported. VeraCrypt is praised for being an on-the-fly encryption tool, as your files are only decrypted when they’re needed and they’re encrypted at rest at all other times! Basically, noone can steal / read / edit your data on the encrypted volume without using the correct password or keyfile(s). The entire filesystem will be encrypted including file names, folder names, contents of every file etc. That being said, and to reiterate, Passwords are not bad! The problem most users overlook is they tend to forget that, in the event that one’s laptop is stolen or is temporarily seized or taken away from them (for a considerably long period), the following can happen (assuming the Hard Drive or Partition with sensitive data is not encrypted using VeraCrypt):
- The Local password can be reset (using Password reset utilities) on the desktop or laptop, which enables unauthorized users to be able to login to your profile and access your sensitive data.
- The internal hard drive can be taken out and plugged into another machine as an example, and information on the drive can be copied across to or accessed from another machine.
The following can happen, assuming the Hard Drive or Partition with sensitive data is encrypted using VeraCrypt:
- In the event the Local password is reset on the desktop or laptop, the unauthorized user will not be able to access any sensitive data unless they know the password / have key file decryption key of the encrypted volume.
- In the event they take the hard drive out they wont be able to access anything as the contents of the drive are encrypted rendering the drive useless from a data access perspective. Usually when the drive is plugged in, it shows up as an empty drive.
- If pre-boot authentication is in place, one will not even be able to get past boot up, which prevents unauthorised data access of the whole drive.
That being said, some security concerns have been raised;
- VeraCrypt can not secure your data in the event that your Desktop or laptop has been physically accessed by an attacker and the unauthorised attacker installs key logging capable software and VeraCrypt is used again by user.
- VeraCrypt can not secure your data in the event that the user has keylogging Malware running on their Desktop or Laptop.
Clearly in both scenarios the Keylogger captures the decryption password that can then be used to access your encrypted volumes or drives. I recommend the use of VeraCrypt with an Anti-Keylogger software to help in such situations / as an added layer of security.
Unfortunately, I will not post a step by step tutorial on how to install VeraCrypt but feel free to visit VeraCrypt’s site for a detailed installation documentation. Talking from personal experience, at one point (not long ago) I was a victim of theft but all I can say is the “Tsotsi’s” got away with my two (2) desktops but NOT my data as both PCs had full drive encryption. What I mean to say is, I was only worried about the useful data I lost as it had taken me years to collect it but NOT at all worried about my data being accessed.
VeraCrypt is a must have and useful tool if data confidentiality is top priority for you. Unfortunately and honestly speaking, Laptop or Desktop theft is inevitable and likely to happen to anyone at one point in their life, wanna have that peace of mind from a Data Security perspective when your time is up? Securing your data with VeraCrypt is the way to go, you will not be disappointed!