Are you a developer or an entrepreneur? What if I stole your laptop right now - how much data could I extract from your disk?
Well, let me think. How about all those login cookies and tokens I could use to mess up your private and work life, for example, by just logging into your Facebook?
Oh wait, you've been watching my video about building test/dev environments on your laptop, and you didn't bother to GDPR-ize your data. So now your laptop becomes a massive liability.
The answer is actually super easy: you just have to encrypt your laptop. But don't stop reading here. There's more to it than just clicking a few buttons.
Why encryption matters
If you simply encrypt your laptop but use a weak passphrase like "potatoes1232015#," you're not much better off.
Why do I call it a passphrase and not a password? A passphrase is something that should be a bit longer. It's used by special key derivation functions to produce the encryption key for your disk. That's why it should be longer, as that means more entropy and much harder guess-work.
Fingerprint security
You might think using your fingerprint is a good alternative. While convenient, if someone really wants your data, they could force you to use your fingerprint.
Some car manufacturers introduced this function at some point and it was quickly rolled back. Why? Owners started losing their fingers...
Besides that biometrics have one bad issue - once they are compromised you cannot really change them.
Cloud backup considerations
If you back up critical documents to the cloud, ensure it's a zero-knowledge solution. This means the encryption key never leaves your machine, only the encrypted data does.
SSH key passphrase
Developers, be honest: how many of you actually have a passphrase on your SSH key? This is another reason you need full disk encryption on your laptop.
Traveling with sensitive data
When traveling, especially to countries where local authorities might be interested in your data, keep your laptop encrypted and store sensitive data elsewhere. You can download it when needed. If you’re in such high-risk situations, seek professional advice.
Implementing full disk encryption
The solution is simple: full disk encryption. Remember, the passphrase must be long and complex. Think twice before relying on fingerprints alone.
- Windows: Use BitLocker. If you’re a high-profile individual, read the fine print.
- Mac: Use FileVault.
- Linux: Use LUKS.
Dual Boot Systems
I use both Linux and Windows for different tasks. Both are encrypted. For those with dual boot systems, Mike Kasberg has a fantastic blog entry explaining step-by-step how to encrypt your drive and maintain dual boot capability.
Take action!
Don't wait - encrypt your laptop today. Whether you're a developer or an entrepreneur, it's crucial. Most people target hardware, but the data on your disk could be exploited. I've seen friends hacked because of this, sometimes even through discarded hardware/trash.
When I was on holiday, surrounded by entrepreneurs, I asked how many had encrypted their laptops. I was the only one. This is a real threat, especially if you're a CEO or someone with sensitive information.
