CK Geek: Why you should encrypt your PC fully

What is the worst thing that would happen if someone steals your PC? I'm not talking about the financial loss here but about the data that you have on your computer system. If the system is not properly protected, a thief could gain access to emails, important local documents, personal photos, and other files of importance.

This alone can lead to information leaks or unpleasant situations where private photos or information are shared publicly on the Internet. Once it has been spread, it is virtually impossible to get it off the Internet again.

That's however not all that can happen. Depending on access, things can get even worse than that. Take your email account for example. Reading personal emails is bad enough, but the attacker may also gain access to online accounts via the password recovery feature that most services offer. They may gain access to social accounts and maybe even online banking accounts.

Another possible target is the web browser. If you save session cookies or browsing sessions, or god beware, save passwords in it without master password or other form of protection, then you are leaving the door wide open for all kinds of mayhem. It is again possible to sign in to accounts online using saved credentials. Someone may read private conversations on Facebook, sell or trade all of your items on Steam, make purchases in your name, contact friends and ask them for money, or simply create a detailed profile about you.

via XKCD

All that has been said up until now concentrated on the PC being stolen, which in my opinion is the most likely scenario in which unrelated third parties get full access to the computer. While it may be more likely that your mobile computer, a laptop or tablet PC, may get stolen because of the greater opportunity, it is not uncommon that someone breaks into a house to steal valuables such as computers as well.

There are other scenarios. Maybe another family member is constantly accessing your computer and you want that to stop, but the user account password somehow does not stop the access. Or, you are a business traveler and use a company computer during travels that you want better protected, to avoid that a third party creates an image of the system's hard drive, or to leave it unattended for short periods of time.

For me personally, it is all about the theft aspect. I store important information about my business on the computer, and access to my email accounts is also readily available. A thief could take advantage of those without encryption. Break-ins may be common depending on where you live, but even if they are not, there is still a chance that something like this is going to happen.

I have not mentioned the NSA and other surveillance agencies up to this point. It is unlikely to get targeted locally by them. Encryption does not really protect against online surveillance though, which is the main reason why it is not really part of the argument.

How?

My suggestion would be to use an Open Source encryption program like True Crypt or DiskCryptor for that. While there is no 100% guarantee here either that the code is clean, there is at least the possibility to audit the code fully, which proprietary programs such as Windows' BitLocker do not offer.

Both True Crypt and DiskCryptor support the encryption of system partitions and non-system partition, and it is really easy to do. In DiskCryptor for instance, you simply select the boot partition or another partition that you want to encrypt fully, pick a password and algorithm (or keep AES the default one), and hit the start button. That's all there is to it.

It is highly suggested to backup the headers after the encryption process succeeded, and to create a recovery disk that enables you to troubleshoot issues that you may experience at one point in time.

Note that full encryption means that you will have to enter a password during boot time. If you enter it correctly, the data gets decrypted and you gain access to your operating system in the usual way.

There are things that can go wrong here, just like they can go wrong on unencrypted drives. The boot loader may get corrupt for example, so that the encryption program cannot be loaded anymore. Without it, you cannot access any data stored on your PCs.