Is the data on your phone or laptop encrypted? Should it be? And what does encrypting your data do to it anyway? Here well explain the ins and outs of encryption, and how you can make sure that everything in your digital life is safe from prying eyes.
Despite some of the complicated math involved, encryption isnt difficult to understandsimply put, it locks your files and data away using a secret code, just like a pair of spies might talk in code to hide what theyre really saying. If anyone else overhears that conversation, it sounds like gibberish, and its the same with encrypted files.
To make sense of encrypted data, you need the key to the code, which on your phone is often your PIN numberget past the lock screen, and your files and apps are no longer gibberish. Thats why being able to unlock an encrypted phone is so important to making sense of the data on it.
It applies to data we have stored on our devices and data we send through the air, to and from the internet. Apps with end-to-end encryption cant be spied on, much to the chagrin of law enforcement agencies and governments worldwide, and only the sender and intended recipient gets to see the real message.
You can go a long way down into the technical details of encryption, but it essentially just scrambles the data. The number of bits is often listed next to the type of encryption being used tell you how many possible combinations there are for the unlock codesomething locked with 256-bit encryption would take a bank of supercomputers billions of years to decode using brute force alone.
If the disk is not encrypted your device can easily be booted off a USB drive and the unencrypted data extracted, explains cybersecurity expert Professor Alan Woodward from the University of Surrey. You can even just take out the hard drive and mount it on another machine to examine data unless the disc is encrypted.
Different types of encryption algorithms have been developed for different purposes, with varying compromises between complexity and speed, though most of the time you wont have to worry about which flavor of encryption youre using (most of the time you just wont get a choice).
For example, the encryption on the iPhone is the 256-bit AES standard also used by the US military, which has the benefit of being both very speedy to apply and impossible to crack by running through the various unlock code combinations, as weve already pointed out.
If you do get a choice, Professor Woodward recommends looking for packages and encryption methods that have gone through some kind of public audit or independent testing to verify the methods used.
In some cases, such as the encryption supplied by Apple and Microsoft, you have little choice but to accept their assurances, but if using a third-party package look for audits, he told Gizmodo. Its the same as with secure messaging apps, its a sign of how robust the developers believe their system to be if they put it up for scrutiny.
If your data isnt encrypted, anyone who happens across your phone or laptop can get at the files within pretty easily; with encryption added, accessing the same data becomes very, very difficult (though not impossible, if other security loopholes can be found on the device). But do you need it in place if youre not carrying government secrets or company financials with you?
As security expert and Chief Technology Officer at IBM Resilient Bruce Schneier puts it in his blog: Encryption should be enabled for everything by default, not a feature you turn on only if youre doing something you consider worth protecting.
This is important. If we only use encryption when were working with important data, then encryption signals that datas importance. If only dissidents use encryption in a country, that countrys authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal.
Even if you dont mind the thought of other people rifling through your folders of GIFs and angry letters to your Internet Service Provider, any device you own contains a wealth of information about you thats best kept private, from contacts to browsing histories.
Whether you think it worth doing is really whether you think your device has valuable data, says Professor Woodward. Youd be surprised what you do have: Contacts, emails, passwords. People underestimate the value of these to criminals. So, on the whole I think it is worth doing.
Youre building a wall between everything on your phone or computer, and anyone else who might want to look at it who isnt you. The good news is, encryption has become so important that a lot of devices now include it by default, so you dont necessarily need to do anything to stay protected.
iOS has been encrypting data for years, and encryption is now switched on by default in macOS as well: To check, open System Preferences, click Security & Privacy, then open the FileVault tab. If encryption isnt enabled, you can start the process here, and Apple has more information on its official support page.
After lagging behind iPhones for several years, just about all new Android devices are also now encrypted by default, as long as theyre running Android 6.0 Marshmallow or later. If your Android device isnt encrypted, and can be encrypted with its current OS version, then youll find the option by tapping the Security link in Settings.
That just leaves Windowssome PCs that ship with Windows 10 come with something called Device Encryption enabled, as long as you set it up and sign in with a Microsoft account. To check if this applies to you, from Settings click System then About and see if theres a Device Encryption section at the bottom.
If you dont have Device Encryption on your machine then the next option is BitLockerbut that requires upgrading to Windows 10 Pro. You may think the $100 is worth it, but free options, like the open source VeraCrypt, are available as well.
Were not going to go into too much detail about the data traveling to and from your devices, but encryption applies here toowith encryption in place, if someone should intercept the data going to or leaving from your computer, they wont be able to make sense of it.
A lot of apps apply encryption by default, and its also added when you connect to HTTPS sites such as Facebook, Gmail, Amazon and many others. Adding a password to your Wi-Fi network at home encrypts the data moving across it, and if youre using a public Wi-Fi network that anyone can access you should consider installing a VPN to encrypt your data and keep it scrambled.
Finally, its important to remember that nothing keeps your devices 100 percent protected, not even encryption (though it of course goes a long way towards doing that)dont think because your phone or laptop is encrypted you can become complacent about all the other precautions you need to put in place to stay safe.Read More..