With power-on passwords and login passwords available, what's the value of hard drive encryption?

Anyone who's determined to gain access to a drive is going to be able to bypass BIOS passwords or Windows passwords in just a couple of minutes. There are tools available to actually automate the process in both areas. I've written about it, and there's some pretty extensive resources available about bypassing BIOS passwords and how to crack operating system passwords.

The fact is most people don't use power-on passwords anyway, because it's just too inconvenient. Many of the computers I see don't even have passwords to log on to the local operating system or into the network. And, if they do, all it takes is using a tool, such as the free Ophcrack LiveCD, and literally within a matter of minutes passwords can be cracked or reset and the hacker has full access to the system and the drive. There are even ways to access large storage environments by breaking into management consoles, gaining access to servers using Metasploit, etc.

So, to answer your question, storage encryption is the final layer of protection when all of these other things have failed.

Check out the entire Storage Encryption FAQ guide.

This was first published in October 2007