Many computers give you the option to set a “hard disk password” along with operating system passwords and BIOS passwords. This is different from encryption — a hard disk password doesn’t actually encrypt your files.
Hard disk passwords fall into a weird middle ground. On the one hand, they can disable access to your drive and be inconvenient if you lose them. On the other hand, they don’t protect your files like full-disk encryption would.
How Do Hard Disk Passwords Work?
Hard disk passwords are part of the ATA specification. If your computer supports hard disk passwords, you’ll likely find this option option in its BIOS screen. Look in the “Security” or “Password” section.
Whereas an operating system password controls whether you can log in after you’ve booted the computer and a BIOS password controls whether you can boot the computer at all, a hard disk password controls access to the hard disk itself. When you boot your computer, you’ll need to enter the hard disk password. If you don’t know the hard disk password, your hard disk will be “locked” and won’t function.
Unlike BIOS and operating system passwords, a hard disk password protects your data even if someone opens up your computer and removes the hard disk. The hard disk password is stored in the disk drive’s firmware itself. Using a hard disk password does help protect your files, unlike an operating system password or BIOS password.
Hard Disk Password Weaknesses
A hard disk password has some big weaknesses. For example, there are a number of data forensics programs that promise they can remove hard disk passwords. Some drives store the password unencrypted in their firmware, and this unencrypted password can simply be read from a firmware. The drive’s firmware settings area could be modified to set the “password on” flag to “password off.” In an extreme case, the drive could be opened up, its platters removed, and inserted into another drive without a password set.
A hard disk password also won’t help if your computer is taken while asleep, as the drive will only prompt you at boot.
Passwords Are Inconvenient
A hard disk password can actually be more inconvenient than encryption. Let’s say you forget a hard disk password — the drive’s hardware is now “bricked” and unusable until you use specialized data forensics software. Computer manufacturers won’t help you make it usable again. Encryption is more convenient. Even if you forget your password to an encrypted drive, you can simply wipe the drive and start over. Your hardware is still usable.
If you use encryption, you can remove the hard drive from your computer, connect it to another computer, and unlock it using the same encryption software and secret code. If you remove a locked hard drive, it may be more difficult to access. Some hard disk password features, such as HP’s DriveLock, only work if the drive is inside the computer. You can’t simply connect it as an external drive and unlock it if your computer fails and you need to recover the files.
Should You Set a Hard Disk Password? No, Just Use Encryption
Think of your hard disk as a room containing all the files on your hard drive. A hard disk password is a lock on the door to that room. Once someone has removed the lock or burrowed in from the outside, they have full access to all your files.
On the other hand, think of whole-disk encryption as taking all the files on your hard drive and scrambling them with a code only you know. The files themselves are useless unless someone knows your secret code. There’s no getting around that by disabling or bypassing a lock. The files themselves are protected because they’re useless without the key.
Encryption is simply the most secure way to protect the files on your hard drive. It’s also more convenient than messing with hard disk passwords. Rather than set a hard disk password, enable whole-disk encryption — use the free TrueCrypt application, enable BitLocker on Enterprise versions of Windows, or enable FileVault encryption on Mac OS X. New Windows 8.1 devices are even starting to use encryption by default.
There’s no real reason to use a hard disk password. Encryption provides much more security and is more convenient to use. Skip your computer’s hard disk password feature and encrypt its hard drive if you actually want to protect your files.