Security against bootable drive

I’ve seen that with a bootable installation usb drive, I can use Files to see all of the folders that are on my hard disk and used by my already-installed OS. Therefore the system password on my regular OS is very easy to bypass. Is there an easy way to stop this bypassing of the system password?

You may be able to set the BIOS not to boot from USB drives,
but then anyone could access the BIOS and set it to allow.

The only real sure way is to prevent access to the computer.

Computer security is a farce. It doesn't exist. Don't keep anything sensitive in any computer or anywhere on the internet.

1 Like

Hi Neville – wow. That is not the answer I was hoping for. I have long, obscure passwords on financial accounts and Firefox remembers them, which is very handy. You seem to be telling me I should type them in while referring to a page in a paper notebook. Am I getting that right? --jk

I’ve been using Bitwarden for storing passwords. If my laptop were stolen, my understanding was that the thieves wouldn’t be able to get those passwords because they are encrypted. Is there a vulnerability there?

Hi Jim,
If you’re worried that your files will be seen when you boot with a USB flash drive, one of the solutions I can think of is to encrypt the disk (HDD or SSD).

Jorge

1 Like

Thanks, Jorge, I will look into that to see what side effects it may have.

1 Like

Hi Jim,

It’s one thing to save your passwords in Firefox, it’s another to save them in Bitwarden.
Personally, I store passwords of “little importance” in Bitwarden, of “medium importance” in KeePassXC and important and “crucial” financial passwords on paper.
Sorry if that’s not the answer you’re looking for, but it’s the way I use it on a day-to-day basis.

Jorge

Thanks, these are good inputs – I will likely make some changes. --jk

1 Like

Hi Jim,
First of all, before you do anything, make backups, because you could lose all the information on the disk.
One of the easiest ways to encrypt the disk is to install the distro. However, you can encrypt the entire disk or, for example, partitions.

Here is an example of how to encrypt the disk:
https://forums.linuxmint.com/viewtopic.php?t=395233

If you try to encrypt it, try it first on a USB stick to see how it works.
I’ve already had the disk encrypted and chose not to use it encrypted.

Here is a thread about this matter on Reddit:
https://www.reddit.com/r/archlinux/comments/1aihaep/how_important_is_disk_encryption/

But I’m of the same opinion as Neville:

You should be careful what you keep on your computer. In my opinion, that’s the best advice you can get

Jorge

Hear hear.
Paper is more secure. You can encrypt/decrypt them in your head on paper.

1 Like

There is no absolute security, only relative.
You just have to manage it the way @Tech_JA does.
I could not be bothered with encryption… not the whole disk anyway… too many problems with booting. Maybe a data partition?

1 Like

Thanks again. I’m glad I posted this question. I think I will make a list of the most important pwds and change them all with new ones kept only on paper, encrypted in my head, as you suggest. For a few sensitive documents on the computer I will perhaps move them to a thumb drive in a safe place, or on paper in a safe place. I’ve heard that solid state memory can drop bits over long periods of time.

That is true. For long term storage an HDD is better than an SSD.

You made me think too. I need to tidy up a few things.
Thanks.

1 Like

Some PCs also allow you to set a password to access the BIOS.

1 Like

Proton is now offering a secure password system. Perhaps I should step up from Bitwarden.

Thanks for bringing that up. I already use Proton.me for email, and they of course let me know about their other offerings. I have looked into it a little; it does seem to be extra secure compared to other password managers. I’m a little intimidated by the complexity of it though; some of the terms they use are over my head, and there are features that I don’t know if I need them or not. I’ll have to do some homework. --jk

Typing out a complex (or even a simple) password is the keylogger's favourite method of getting user passwords…

I prefer key-based, and MFA and one time…

This is one of the reasons I cringe when I see colleagues using PuTTY with “challenge / response” login - it’s highly insecure (anything could be running and logging all keystrokes)… But PuTTY’s kludgy SSH key management is a deterrent (I don’t use PuTTY for both reasons)…

I still think trusting your browser to remember (encrypted) your passwords is BETTER than typing them out every time…

2 Likes

Dan, thanks for this input. Are you referring to the fact that the browser encrypts pwds for local storage? I can see that would improve security over a file I create with unencrypted pwds.