Why is full disk encryption better than standard system login?

« Other questions

If my laptop gets stolen and it is password protected the thief would have to guess/crack the password to gain access to the computer.

If it has full disk encryption the thief can still gain access to the computer if he guesses/cracks the password used for encryption. If the only thing standing in the way of access in both scenarios is a password why is full disk encryption better?

  • coyote
    I won’t get into the technicalities (much) but instead just add this: say rather it is an addition to the overall protection of the data. Of course, using the same password isn’t wise anywhere but I’m sure anyone who guesses your boot password (whether full disk encryption or not) would indeed try it for your accounts. Security involves multiple layers of defence and one should never forget that. You might also looking at it differently: your account has access to your data and someone could snoop around it, install backdoors (etc.) and anything else but if they can’t even boot the system (and I include unlock the volumes) does that matter? The answer is of course ‘no’ and more like ‘no but that doesn’t mean you shouldn’t take both seriously.’ So it is an additional layer and not ‘better’.
  • You must to post comments


There are several angles to this, but the simple answer is that it is easy to bypass or reset user login password security using a variety of tools. Assuming you are using Windows, some require use of the recovery console and some are stand-alone UNIX based tools that can be run from a USB stick. The bottom line is that a password protected PC is vulnerable to anyone with modest knowledge.

Depending on the encryption tool you use for an entire system disk, this provides substantially higher security, provided your pass phrase is suitably strong (the pass phrase should be longer than a normal Windows password). However, this only protects your PC from physical access (and makes it a brick if you forget your pass phrase!). It is still vulnerable to hacking attacks when on (connected to a network) and during that phase it is possible (although not easy) to sniff your pass-phrase. There are also ways to sniff the pass phrase in other ways with physical access to the PC. Letting the PC use sleep mode is definitely out (the pass phrase will be stored in ROM).

There are documented methods for cracking most software related passwords, but making the password long and complex provides additional security. The level you wish to use will relate to the “value” or your data.

You may find this article interesting:

  • You must to post comments


I would like to add that if you had a password but your laptop hard drive wasn’t encrypted, a thief who gains physical access to the computer simply needs to remove the drive and read its contents on another computer (which bypasses the pwd issue entirely).

If the drive was encrypted, then its contents couldn’t be read when connected to another computer.

Does that make sense?

  • You must to post comments
Showing 2 results
Your Answer

Please first to submit.