What Data Can a Thief Get from a Stolen Phone or Laptop?

I never really travel that much with my laptop, but recently a family member got robbed at the airport, so I started thinking about this subject. I wonder if you guys have taken any precautions against laptop theft? With that I mean, do you guys secure your data?

https://www.howtogeek.com/359125/what-data-can-a-thief-get-from-a-stolen-phone-or-laptop/

 

Wow, so no one cares about this subject? I was actually shocked that Windows PC's are so badly protected against this. Basically, only on Windows Pro you can use BitLocker. It's not clear to me if macOS encrypts all or most important data with the FileVault feature.

 

Full Bitlocker encryption on Windows and encryption on Linux. My mobile phone is provided by my employer and they have it locked down like Fort Knox, so no concerns with it.

 

OK, so you are using Windows Pro. But do you encrypt all data, or just certain folders? And do you see a performance hit? I never really thought about this subject much, but if your Windows laptop ever gets stolen most people are out of luck.

I do understand that most smartphones with Android and iOS encrypt all data automatically. My family member that got robbed did use a MacBook protected with Touch ID and a T2 security chip, but I don't know if this is relevant if FileVault wasn't active.

 

I do not. I have like 2 files on my PC with important data, they are encrypted. As for the password manager in Edge or Windows login, PIN is required and till the robber would get it, I would remove the device from my account.

 

Full Windows partition encryption, and I have few USB drives that are fully encrypted as well. Any and all sensitive date is stored on these platforms.

I know we discussed this subject a little while ago. I just can't remember the thread

 

If you don't have windows pro you can think about using veracrypt maybe (put sensitive files in an encrypted container). For fun I encrypted my gaming pc with bitlocker. Yes the write speed took quite a hit. But it was worth a try

 

It really depends on how valuable your data is. The password file is indeed quite important. Other files like PDF documents, images and videos are not that important, at least in my case.

It's probably a thread about VeraCrypt or something, and I think I actually installed it, but never bothered to check it out. I guess it's too much of a hassle for me. But you seem to take it quite seriously. So how does it work in practice, does all data gets decrypted everytime you boot up your system?

I think that's probably the biggest issue, if it impacts speed of file writes and reads.

 

FileVault encrypts the entire disk:

https://support.apple.com/HT204837

https://eclecticlight.co/2021/08/20/disk-encryption-filevault-and-hardware-encryption/

 

For Windows 11 Pro on my laptop that has TPM v2.0, the fully encrypted Windows partition automatically is in a decrypted state when logged into Windows. On Linux I need to enter a password before the login prompt occurs, then of course another separate password to log into my account. My USB drives also require a password to access the protected data.

I forgot to mention, all my online passwords are protected with Keepass. Its Master password is long but easy to remember

 

OK I see. But it still has to be enabled? Unless you're using the T2 security chip, then the SSD is automatically encrypted, if I understood correctly. You also have SSD's that come with built-in encryption. I think it's a shame that Windows Home doesn't have a built-in encrypted vault.

https://www.kingston.com/en/blog/data-security/how-ssd-encryption-works

OK I see. I think for me a simple solution would be the best. Perhaps something like NordLocker, but it doesn't encrypt the whole drive form what I understood, it's more like a vault.

https://nordlocker.com

 

i dont care.
i case of lost my device is erased by default. advantage of modern androids and services.

 

This advantage exists even if your laptop or desktop computer is stolen?

 

Strange.
IIRC Windows can encrypt drive on background. It takes time of course. Are you sure benchmark was done after all encryption on already stored data been done?

How it is triggered? Bad password multiples times or remotely?

 

For Apple laptops it does:

https://support.apple.com/guide/findmy-mac/erase-a-device-fmmbe7bb71f4/mac

 

I don't really care about mobile phones since I don't do anything of importance on my smartphone. But my laptop is a different story, I wouldn't be comfortable if some thief had access to my data. Remotely erasing does sound kinda cool. I suppose you can also do this with the Prey app that's available on Windows, macOS and Android.

https://preyproject.com/download

 

I talk to people every day that have PHI on their laptop and no encryption. They likely have no idea how easy it is to reset the password on Windows or even macOS. Phones I'm not sure but this is why I don't put any bank or financial apps on my phone.

 

Yes exactly, I also didn't really think about this. I do have tools to block data exfiltration performed by malware. But I forgot about that non encrypted data is easy accessible by real life thieves. They can simply install the drive in some other PC or they can boot into safe mode, from what I understood. So password protection or even biometric security won't help, at least in Windows.

 

Correct, a Linux boot disk will allow you to access any unencrypted data on a Windows partition. I have done it to help others retrieve otherwise lost data.

 

It's quite weird to me that MS hasn't made an effort to offer simple encryption tools on Windows Home. They could easily offer some type of protected partition or folder. And of course hardware should also be focused on this, like a dedicated security chip similar to Apple's M2. I suppose it can speed up encryption and decryption of data. Wait a minute, I forgot about the new Pluton chip which is supposed to be integrated with new AMD and Intel CPU's, but it's not focused on user data encryption, if I understood correctly.

https://www.howtogeek.com/779095/what-is-microsofts-pluton-security-processor/

BTW, I now see that NordLocker is purely cloud based, so it's handy to protect data in the cloud, but not on the local machine.

 

BTW, I found some more info about Apple's T2 security chip, and it seems like it's still recommended to use the FileVault feature, which is a bit confusing. Also, when the T2 chip breaks, it might mean that your data is gone. In fact, I think that's why I lost interest in encryption about 25 years ago. Because I remember I lost data after encrypting some files with PGP Desktop.

https://support.apple.com/en-us/HT208344
https://appleinsider.com/articles/1...p-does-in-your-new-macbook-air-or-macbook-pro

 

I found more info about the problem with Apple's T2 security chip. But I didn't understand the part about macOS Time Machine, which is apparently not encrypted. Which means that hackers could still access your data, I suppose?

https://linustechtips.com/topic/108...ther-victim-apple-refuses-to-honour-warranty/

 

You can encrypt backup disks (which probably stay at your home, unlike your laptop):

https://support.apple.com/en-gb/guide/mac-help/mh21241/mac

 

OK I see, I'm not sure if I fully understood. What I meant is that I suppose T2 and FileVault should also encrypt Time Machine data in case it falls in the hands of a real life thief. But it was suggested in the article that it doesn't, which doesn't make a whole lot of sense.

 

The heading is very ambiguous - how long is a piece of string?

WHY?
This forum is littered with Windows security problems. Why should phones or laptops [the point of the post] be any different?