Solved

Two form authentication w/bitlocker, no tpm

Posted on 2015-02-19
6
126 Views
Last Modified: 2015-02-19
The laptop has no means to setup a bios password and without the TPM chip I cannot setup a pin. I can still encrypt the drive but I would like to setup some other form of authentication if possible? Or some other form of encryption that hasn't been hacked yet like TrueCrypt
0
Comment
Question by:stlhost
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 55

Expert Comment

by:McKnife
ID: 40618945
Hi.

TC hasn't been hacked. It's a discontinued product, that's all. They declare it insecure, because an audit has found minor weaknesses that they are not going to fix any more.
As for Bitlocker: what OS are we talking about? In vista/win7, you can use a startup usb thumb drive. In win8.x, you can also use a password.

And what would "two form" mean here? We cannot have two factor authentication in bitlocker without using a TPM.
0
 
LVL 2

Author Comment

by:stlhost
ID: 40618963
We used to use TC but since it has been declared insecure we have now moved to self encrypting hard drives like Crucial M500 and M550 and just bios passwords. But one of our executives doesn't want to play ball and bought a laptop of her own that does not have the TPM chip so I am looking for an alternative means to  protect the system (besides windows password) This is Windows 7 Ultimate. Bitlocking the hard drive is not enough they want it password protected somehow
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40619001
If you count the win pw is first factor already, why don't you think you can count the bitlocker protector (in your OS that would have to be a USB startup key) as second?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Author Comment

by:stlhost
ID: 40619034
When you say USB Startup Key what does this mean? During the bitlocker process it asks to save the recovery key somewhere and USB is an option that I can save it to but there is no start up key that I am aware of. If you click "Require a Startup key at every startup" it doesn't actually create one, it goes just to the next screen that asks you to print/save the recovery key.
0
 
LVL 55

Accepted Solution

by:
McKnife earned 500 total points
ID: 40619413
"If you click "Require a Startup key at every startup" it doesn't actually create one" - oh yes, it sure does. It writes a file to your usb drive, you simply don't see it because it is hidden when using default explorer view options. See for yourself, unhide system files and there will be a .bek file right in the root of your usb thumb drive.
When you start your encrypted machine, that thumb drive will need to be inserted.
0
 
LVL 2

Author Closing Comment

by:stlhost
ID: 40619755
You are correct. It does, I jumped the gun too fast. Thank you
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question