Encrypt Everything

A burglar recently broke into my brother's house. They stole some jewelry and electronics including a camcorder with videos of their baby daughter. Hopefully they backed up those family memories to a safe place.

This event made me start thinking about what if this had happened to me? What would I care about losing, and how can I protect myself?

The worst case scenario would be if someone stole my laptop/phone, and gained access to my email account. I've had the same Gmail account since 2005, so my entire life is stored there. Every online account I have uses that email address for password resets. My email probably has enough information in it to get access to my banking, investment, and social networking accounts.

I've already enabled 2-factor authentication on my email and several other online accounts. (And I suggest you do the same for all the sites that support 2-factor authentication.) This way, even if someone steals my passwords, they can't access any of my accounts without my phone (by generating a new PIN) or my computers (which are already authenticated and don't need a PIN).

To prevent thieves from accessing my email, I've added a password to my phone. Currently it only asks for the password after 30 minutes of inactivity. This has three benefits: 1) if I'm mugged, the thief won't even know it is password protected if I've used it recently, 2) it's unlikely the thief will get much data off of it before setting it down for 30 minutes and getting locked out (everyone sleeps, after all), and 3) I don't have to constantly enter my PIN every time I want to use my phone.

On the computer side, both my laptop and my desktop are encrypted with BitLocker. BitLocker is dead simple to use, and I highly recommend you enable it on your computer if you have it. The way I have BitLocker set up, it asks for a password before booting. Until this password is entered, the data on the hard drive is completely inaccessible even if the thief puts the hard drive in another computer!

Finally, I encrypted my phone today. I don't know how much data is accessible on locked but unencrypted phones. Regardless, that data is now safe, too.

The window of opportunity for a thief to steal my data is very small. If my desktop is unplugged, then he can't access my data. If my laptop is turned off (which happens in about 1-2 hours due to its excellent battery life), then he can't access my data. If my phone is left alone for 30 minutes, then he can't access my data.

If you're like me and you stay signed in to all your online accounts, then you can't afford not to encrypt your phone and computers. If you don't, then why bother having passwords on any of your accounts at all? They don't matter if the thief steals your laptop that is already signed in!

Photo of Bletchley Park by Katherine