It is a headache for most people who use computers to lock their privacy or important data. windows also provides a variety of encryption technologies, let me take a look.
Windows User Password is a well-known encryption method. You can set your user password under "User Account and home security" under "Control Panel. However, the security of such passwords is very low. As early as in windows XP, some people used specific software or switched over the input method to crack the windows login password. Therefore, this password is essentially a virtual one.
Password
In fact, windows also comes with another encryption method-"windows Startup Password", which is not well known and rarely used. Setting Method: Press "win + R" at the same time to bring up the "run" dialog box, enter "syskey" in the dialog box, and press "enter ". The windows Startup Password Setting dialog box is displayed, but note that this password is used.
Once the setting is complete, it cannot be canceled. This password will pop up the Enter Password dialog box when the computer starts. Unlike the "User Login Password", this password is actually started before windows, windows can be started only after the correct password is entered. "Windows Start password" is much safer than "windows User Login Password", at least it won't be cracked by switching the input method. However, for the security of the entire computer, this password is still not safe enough, and important data on the hard disk still cannot be completely protected.
Open Option
Note:
In Windows 7/Vista Ultimate and Enterprise, there is a built-in function: "BitLocker", which is an encrypted drive. Generally, running this encryption program requires the computer's motherboard With TPMTrusted Platform Module) module or self-prepared flash disk. Because my laptop is not equipped with a TPM security chip, we can only use flash disks for encryption, making TPM encryption easier. First, the primary partition of the hard disk must have a space of more than MB. All the hard disk partitions, logical partitions, and primary partitions, must adopt the NTFS partition format. After Windows Vista is installed, BitLocker is not started and must be set in the Group Policy Editor. Press "win + R". In the dialog box that appears, type "gpedit. msc" and press Enter. Select "Local Computer Policy"> "Computer Configuration"> "management module"> "windows Components"> "BitLocker encrypted drive" in the left-side menu ".
Double-click "Control Panel settings: enable advanced startup options ". Change "Not Configured" to "enabled" by default, select "allow BitLocker if TPM is not compatible", and then return. Double-click "Configure encryption method" and change the default "Not Configured" to "enabled ", in the "select encryption method" menu, select "AES 256 bits containing hashes ".
In "Control Panel", double-click "security", and select "enable BitLocker". First, set the BitLocker startup preference, select "Enable USB key upon each start", save the START key, select a flash disk that has been connected to the computer, and save the recovery password, with a "flash disk" selected ", you must note that the recovery password cannot be stored in the primary partition and the logical partition where Windows Vista is located, and cannot be saved in the root directory. During encryption, check "Run BitLocker system check" and click "continue". At this time, the running wizard prompts you to restart the computer. After the computer is restarted, the encryption will automatically take place. At this time, the optical drive cannot contain a CD, in addition, flash disks used as keys must be correctly recognized before being logged into windows. Therefore, MP3 players cannot be used as key disks.
As for the encryption effect, you cannot access the system without a key disk, and even remove the hard disk and install it on another computer. It will also display "This partition is not formatted", so it can truly lock important data, but this encryption also has a disadvantage, that is, it can only Encrypt System partitions, therefore, before encryption, move important data to the system partition. Of course, BitLocker can only play a role when the system is started and cannot prevent virus intrusion. Therefore, anti-virus software and firewall must be configured.
Finally, we will mention the most common TPM security chip, which is the most secure encryption technology so far, any offline cracking or other methods cannot be understood. This encryption method is TPM + fingerprint recognition ).
- Cracking Windows encryption protection: the EFS is decrypted
- What does Windows 7 bring to the system security administrator?