Encrypt Your Entire Boot Disk

Share

This is another entry in my list of articles on encrypting your entire digital life from end to end.  Click here for the lead article.  This article is about encrypting your entire boot disk on your server, desktop, or laptop computer.  I’ll be giving specific instructions for Windows, but Mac & Linux steps are similar.  Note that encrypting your boot drive is performed differently than encrypting non boot drives (which I’ll also cover in a separate article).  These instructions are using free, open source software that’s NOT from Microsoft.

Short (VERY short version)

    1. Install encryption software.
    2. Backup boot drive (no, seriously!  DO THIS!)
    3. Select boot volume.
    4. Provide passphrase.
    5. Reboot.
    6. Enter passphrase on boot prompt.
    7. Wait for boot.
    8. Encrypt volume.

The rest of this shows you the details of those steps.

Note the following trade-offs to encrypting your boot drive:

  1. When powering on or rebooting, your PC will stop until you enter your encryption passphrase.  This means you can’t reboot your PC remotely.  Someone has to physically be there.
  2. After typing in your passphrase, there will be a delay.  My PC takes 48 seconds that it didn’t take before.

Let’s begin

  1. Download and Install VeraCrypt from https://veracrypt.codeplex.com/releases/view/616110
  2. Open the “System” menu and choose “Encrypt System Partition/Drive”.
    1. image
  3. Follow the directions in the software.
  4. After you’ve answered all the prompts in the software, it will require you to reboot.  During boot, BEFORE Windows boots, you’ll be prompted to enter your passphrase.  Go ahead and enter it and hit [Enter].
  5. You’ll then be prompted for “PIM”.  Honestly, I have no idea what this is.  I just left it blank and hit [Enter].  All is good.
  6. Your PC will work on decrypting for a while.  My Quad-Core i5-4690K CPU @ 3.5Ghz takes about 48 seconds here.  Your mileage may vary depending on the speed of your CPU.
  7. Once it’s done there, Windows will boot.  Go ahead and log in.
  8. You still haven’t actually encrypted your disk yet.  You just got the VeraCrypt bootloader installed.  Shortly after you log in, VeraCrypt will automatically open and walk you through actually encrypting your disk.  That will be the final step.

DO NOT FORGET YOUR PASSPHRASE!!!!!

After that, you’re all done.  Now, every time you reboot, you’ll be prompted for your passphrase SO DON’T YOU DARE FORGET IT!  Seriously!  If you forget your passphrase, there’s NO WAY to recover it.  That’s it.  It’s done.  The data on your boot drive will be gone forever.  You’ll have to reformat your drive, install a fresh copy of Windows, and start all over OR pull out the drive and set it aside, hoping you’ll remember some day.  I cannot stress this enough.  You CANNOT forget your passphrase!  I recommend storing a HINT of your passphrase in an ENCRYPTED password management tool, like LastPass.  I use the “secure notes” feature to store mine.

Your drive is now much more secure.

What you NEED to know about Windows 8 and 10 disk encryption

And by “Windows 8 and 10 disk encryption”, I mean the built-in encryption capabilities of Windows.  I’m NOT talking about what we just did above with a third party product called VeraCrypt…

  • If you install Windows 8 or 10 on your own PC, then log into your Microsoft account, at that time, your DECRYPTION KEYS are UPLOADED to Microsoft servers!!!  Yes!  Without asking!
  • If you buy a PC with Windows 8 or 10 already on it, your decryption keys are ALREADY uploaded to Microsoft servers.
  • You can request that Microsoft delete your decryption key, but it’s already too late.  Once your decryption key leaves your hands, you can no longer trust that it’s secure.
  • To fix this, you’ll need to RE-Encrypt your disk, which requries generating a NEW key, then NEVER log into Windows with your Microsoft account.  Just… DON’T!  But DO create a LOCAL user account and use that from now on.

Thank you for sharing this article.  See this image?

image

You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Share

Quicken 2016 Riddled with bugs and Errors

Share

I’ve been writing about the bugs in Quicken for years and I’ve been complaining to Inuit about it.  For many of the bugs, they refuse to acknowledge they exist.  For others they simply don’t care.  Don’t expect any of these to be fixed… ever.

Here’s a short list of bugs and problems I’ve experienced with Quicken 2016 in just the first couple of days of use:

  1. Linking bills to online crashes 100% of the time on first attempt of each bill.
  2. App hangs with high CPU% when trying to update online transactions frequently (not all the time).  Must forcibly kill app.
    • image
    • image
  3. I canceled a repeating online payment.  It will never send the instruction and complains that I have a pending instruction to send every time I exit the app (pictured).
  4. No audio (happened before the upgrade and still no sound).
  5. Every time you contact support, they claim your file is corrupt and want you to do a file repair, which never fixes the problem, though that, itself, is both a customer service problem and a serious bug that their software continuously corrupts the data file.  This has been a problem for at least a decade (possibly more).
  6. Redraw routines are incredibly inefficient with too many redraws happening — readily apparent and an actual problem when remoting in to your PC.  Also a problem when moving the app window around the desktop.  It’s very choppy even on high end desktops with high end graphics cards.   This is something a 20 year old PC should handle easily.
  7. Non standard text entries — When you click in it, it auto-selects the text.  This has been a problem for decades.  They seem to think it’s a feature, but to power Windows users, it ALWAYS interferes with our way of doing things.  It’s impossible to get used to it because 99% of all other apps do it right (by not doing this).
  8. [Update 2016-02-16] I changed a password to a credit card, now Quicken can’t connect and asks for the pw every time, instead of storing it in Quicken’s password locker with all the others.

image

Thank you for sharing this article.  See the image below?

image

You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Share