4 simple steps to bulletproof laptop security
Follow these tips, tools, and techniques to protect your Windows notebook against theft, intrusion, and data loss
- Enroll at least one finger from each hand. That way, if you have a hand injury, you can easily fall back on the other finger.
- If your reader supports it, configure the system to require a fingerprint at power-on. This way, the system cannot be cold-booted by anyone who's not already registered. In many cases, the system will use the same fingerprint credential swiped at startup to automatically log you in, so you don't have to swipe your finger twice.
- Fingerprint credentials (the data sampled for your fingerprint) can be protected using the reader's own key for additional security. There's no noticeable overhead or cost for doing this, so use this option if it's available with your fingerprint reader.
- It's typically possible to set a backup password for the fingerprint reader in case it fails to work. If you do this, don't use a password that matches anything else in the system. Come up with something fresh.
Some fingerprint-reader software suites also have the ability to protect password fields, either in system prompts or in pages viewed by Web browsers. I'm not crazy about doing this, if only because I found another approach that does not store passwords locally at all: SuperGenPass. It's a browser-side add-on that uses a master password to dynamically generate strong passwords for websites based on their domain name. Nothing is ever stored locally, unless you use your browser's own password-storage feature to cache the results (which defeats the purpose).
Many business-class notebooks have built-in fingerprint readers. External USB models also exist, but integrated models are less cumbersome.
Laptop security step No. 3: Full-disk encryption
A third level of protection comes in the form of encryption, which can range from simply encrypting individual files to encrypting the entire contents of the system disk. Windows has long had on-disk encryption for individual files and folders, but now features the native ability to encrypt the system drive itself: operating system, applications, data, everything. Whether you use Windows' built-in solution or an alternative (more on that below), don't overlook the importance of full-disk encryption. It's one of the most thorough physical defenses for a notebook.
Windows' native disk encryption system, BitLocker, can be used to protect either individual drives or the entire system drive. It doesn't appreciably affect system performance, so you can use it without worrying about slowing down the system. If you elect to encrypt your notebook's entire system drive with it, you'll need one of two things: