Thinkpads Forum

I guess my original attempt to post questions failed so I'll try again.

I just got a 200776U T-60 which I plan to use in my home network and to take on vacations with me. I will only be traveling by car.

While traveling I plan to use the T-Pad for the usual email and Web browsing but I also will use it to store and edit digital images, use Streets and Trips as a form of Nav system and do banking and other similar things while traveling.

I'm trying to understand how to set it up to be secure in the event that it's stolen. Here are some questions:

1. Can I use either the finger print reader or a password for logging on to Windows? In other words if the finger print reader fails, can I revert to a password as backup?

2. How do I encrypt files such as spread sheets?

3. Is it possible to use the finger print reader to enter passwords for logging onto websites such as banks? If so, how does that work?

4. Are passwords stored in a hardware extension or on the hard drive? Do I have to enable something in Bios for that to happen?

5. Finally, I would appreciate advice from anyone about how I should set up the T-Pad given my intended use.

TIA,
Bud

-BudC,

I haven't figured out CSS yet (I hope to some day ) but I've used a program called "DriveCrypt Plus Pack" to encrypt my whole drive and it works great. You can read about it here.

Beware that I've not used it on a drive with the pre-desktop partition so make sure you have a backup (or convert to a normal boot sector before installing DCPP).

BTW: I would suggest that you edit your subject line to be more informative -- you'll get more feedback.

Good luck!

-darren

My post was moved from another area so things got a bit confusing. I've changed the Subject line.

I think that the T-60 has all the security features I could want. All I have to do is understand how to use them. Lenovo tells you what you can do but not how to do it.

I'm no newby when it comes to computers but it would be helpful if Lenovo provided SOME information on their website. I guess I got spoiled by Apple after getting my wife a new iMac.

BudC wrote:I just got a 200776U T-60 which I plan to use in my home network and to take on vacations with me. I'm trying to understand how to set it up to be secure in the event that it's stolen.

I choose to not use the fingerprint reader. It has been somewhat unreliable for me, thereby locking me out! However that said, my fingerprints are not the best. On individual basis, in my office 15 out of 20 users with ThinkPads do not use the reader, instead relying on typing in passwords, as I do. In fact this was such as issue for me on my T43 that I purposely ordered my new ThinkPads without that feature.
In my case I choose to use the power on password, configured through the BIOS, and the Hard Drive Password, also in the BIOS. So everything in my computer is protected and no one can get it booted up. Then should someone remove just the drive and put it in another ThinkPad they are still locked out. I have used this for years on ThinkPads and I can tell you it's fail safe. In fact if I forget the password, Lenovo service cannot reover it. So be sure you remember your password.
Here is a link to Lenovo's site that will answer your questions so that you can decide for yourself. It's important to know that you should use MS Internet Explorer for this, as once you are there it will offer to automatically detect your machine type. I tried with Firefox and it acts as though there is a problem with the site.
http://www-307.ibm.com/pc/support/site. ... 50#poweron

Good Luck, and let me know how you do.
Archer.

Thanks for the link and Info. It appears that the login for Windows lets me use either the fingerprint reader or to type in a password. I've been able to do either.

I'd like to use the fingerprint reader for normal log-in passwords such as logging onto our bank sites but still have a password as a backup.

Anyway, I'll follow your advice. I won't have much Info that needs to be secured, mostly just passwords and maybe a spreadsheet or two.

Bud

BudC wrote:Thanks for the link and Info. It appears that the login for Windows lets me use either the fingerprint reader or to type in a password. I've been able to do either.
Bud

I think your plan is a great one that will work perfectly for you. Glad the info was helpful.

Archer

Whether you use the FPR or not, a hard drive password will be enough security. If you apply that, basically only law enforcement or someone who spends a great deal of money to be able to remove the HDD controller in your device and use another controller with it can see your data. Any thief with an IQ in the mid-double digits would just get a new HDD.

If you want more, you can set up the CSS and create an encrypted sub-drive (sort of like a partition on the drive for a user).

In either event, the main determinant of your security is the un-relatedness of your password to other passwords of yours that can be discovered and to people and events in your life. That's actually the source of most successful brute force attacks on passwords that law enforcement types use to get through encryption.

WilsonF, what hard drive password are your referring to? Is this a feature of CSS?

-darren

Every ThinkPad has multiple hardware layers of security. The harddrive password locks people out of the drive in the event that the machine is stolen. Each time you boot up the machine, you need to type in the drive password to boot into Windows. Also, if someone just pulls your drive out and attaches it into another machine, they get the same prompt. It's a great way to protect your data, and you can enable it within the Bios when the machine first boots up.

Be careful tho .. if you forget your own password you will lock yourself out of the system and will be looking to buy a new harddrive in the near future!

Regards.

MG.

So is this a modified bootsector or encrypted partition? The former would be defeatable by putting the hard drive in another computer as a non-active (ie non-boot) drive. The latter is great but requires a lengthy drive encryption to get started and steals a little overhead from the CPU.

-darren

There is no encryption. The HD password is only in the onboard controller that is part of the HDD. To circumvent it, a thief must have a cleanroom to disassemble the HDD and hook it up to an exterior controller identical to the one that came with the HDD. Reading a drive with the HDD password set without inputting the password is more trouble than it's worth for everyone except data recovery pros and government agencies. Unless you're walking around with your Company's most valuable trade secrets on the drive, the HDD password is enough.

You set it in the BIOS. First select "security" and then select "hard drive password (user)."

Interesting - I've never run into this. Is this in all Hitachi TravelStor drives or just the ones built for Lenovo?

Also, are you sure that the circuitry for it is inside the drive instead of on the circuit card? In my experience all the circuitry is on the external card and that can be easily removed without exposing the platters. Still, having the password mechanism built into the firmware on the hard drive is better than nothing.

-darren

not sure if this has any relevance, but when I worked at IBM, the SOP was to have both the bootup system password and the harddrive password. This way both the data, and the laptop itself is useless unless the thief goes through lengths to retrieve the bootup system password.

And I can confirm that the drive is still unreadable with a password if you just stick it into the computer as a non-booting drive. I tried mounting one of my co-workers HDD adapter that goes where the cd-rom drive is, and it wouldnt let me view it, until I rebooted, when it then prompted me to enter the password.

Very cool! And I think I figured out what WilsonF meant about having to use a cleanroom to defeat the mechanism. If the password is stored on a platter and *all* circuit cards will honor it if present, that would indeed require either a modified circuit card or some kind of cleanroom extraction of the data.

I found a company with software that will remove this protection from some drives, but it's still nice to know how the option works and that it's available.

Thanks for the explanation guys!

-darren