SSD Data Protection


xKoMox

Member
Local time
3:11 PM
Posts
3
OS
Windows 11
I have a passkey to start my pc, but in the event someone stole my pc, can they simply take the SSD out and put it in another pc to access the data?

I have my MS OS and Data on two separate Samsung 970 EVO Plus NVMe M.2 SSD's.

If someone can just put my Data SSD into another pc to access it, can I use Samsung Magician to Encrypt the drive, and if so what is the process? Going by the two screen shots from Samsung Magician the process is unclear to me. If I only want to encrypt the Data SSD, can I just enable encryption and do a secure erase for my Data SSD, or do I also need to do a clean install of the OS?

Should I also encrypt the MS OS SSD?

Thank you for anyone who has the patience and expertise to help, I'm just concerned If my pc was stolen, someone can easily get around login into my pc by removing the SSD and putting it into another pc to access my Data.

I have the latest Samsung Magician installed version 8.0.0
 
Windows Build/Version
23H2

Attachments

  • Samsung Magician - Encrypted Drive.pdf
    84.3 KB · Views: 1
  • Samsung Magician - Encrypted Drive HELP.pdf
    163.5 KB · Views: 1

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom Build
    CPU
    Intel Core i7-12700KF
    Motherboard
    MSI MAG Z690 Tomahawk WiFi DDR4
    Memory
    Corsair Vengeance RGB Pro 32GB 3200MHz (2x16GB) DDR4
    Graphics Card(s)
    Zotac Gaming GeForce RTX 3070 Ti Trinity OC
    Screen Resolution
    1440p
    Hard Drives
    Samsung 970 EVO Plus NVMe M.2 SSD 1TB - MS OS
    Samsung 970 EVO Plus NVMe M.2 SSD 1TB - Data
    Samsung 970 EVO Plus NVMe M.2 SSD 2TB - Steam Games
    Seagate BarraCuda 3.5 inch SATA HDD 2TB - Back Up
    PSU
    Corsair RM750 750W Gold ATX
    Case
    Corsair 4000D Airflow Tempered Glass Mid-Tower
    Cooling
    Corsair iCue H150i Elite Capellix
    Keyboard
    Keychron Q3
    Mouse
    Razer Deathadder V3 Pro
    Internet Speed
    52 up / 19 down
    Browser
    Chrome
    Antivirus
    Windows Defender
What exactly do you mean by "I use a passkey to start my PC"?

Whatever the case, the best way to get the "security at rest" you seek is to use Bitlocker on everything, specifically software encryption if there's a choice. This will ensure that if your PC is stolen while powered down or hibernated (NOT in sleep mode), your drives will be inaccessible as long as they don't have your Bitlocker credentials.

Note that since you're using SSDs, you should encrypt the whole drive, not just the part in use. This should avoid data leakage due to the way SSD writing works.
 

My Computer

System One

  • OS
    Windows 11
Hi barreleye, thank you for your reply.
Sorry, correction, regarding the passkey, I meant PIN.

I did a little more reading following your comments, and I agree with your Bitlocker is not only then best option but also the easiest to manage.
Initially, i was under the impression the process to encrypt an internal SSD was the same as an external portable SSD. But now I know its not, as the external portable SSD has an app installer on then you can just run to activate. Where as for an internal SSD for OS or Data drive you use Bitlocker.
Thank you, i'll have to consider upgrading windows version from Home to Pro in order to access Bitlocker.

Is my understanding correct?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom Build
    CPU
    Intel Core i7-12700KF
    Motherboard
    MSI MAG Z690 Tomahawk WiFi DDR4
    Memory
    Corsair Vengeance RGB Pro 32GB 3200MHz (2x16GB) DDR4
    Graphics Card(s)
    Zotac Gaming GeForce RTX 3070 Ti Trinity OC
    Screen Resolution
    1440p
    Hard Drives
    Samsung 970 EVO Plus NVMe M.2 SSD 1TB - MS OS
    Samsung 970 EVO Plus NVMe M.2 SSD 1TB - Data
    Samsung 970 EVO Plus NVMe M.2 SSD 2TB - Steam Games
    Seagate BarraCuda 3.5 inch SATA HDD 2TB - Back Up
    PSU
    Corsair RM750 750W Gold ATX
    Case
    Corsair 4000D Airflow Tempered Glass Mid-Tower
    Cooling
    Corsair iCue H150i Elite Capellix
    Keyboard
    Keychron Q3
    Mouse
    Razer Deathadder V3 Pro
    Internet Speed
    52 up / 19 down
    Browser
    Chrome
    Antivirus
    Windows Defender
There's no difference between encrypting an internal or external drive using Bitlocker. There's no "app installer" involved; that sounds more like the software that comes on some USB thumb drives, which I never use and always erase.
 

My Computer

System One

  • OS
    Windows 11
oh, thanks for pointing that out.
I've been looking at getting a external SSD as I only have a USB thumb drive, and when I saw the installer app on it I thought it would be the same on an external SSD.

The external device I've been looking at is the Samsung T7 Portable SSD Drive. So when they say it has encryption (AES 256-bit hardware encryption), does that just mean its capable of encryption, but you still need software like Bitlocker?

Also, the Samsung T7 Portable SSD Drive lets you secure the data with a password, is password as good as encryption?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom Build
    CPU
    Intel Core i7-12700KF
    Motherboard
    MSI MAG Z690 Tomahawk WiFi DDR4
    Memory
    Corsair Vengeance RGB Pro 32GB 3200MHz (2x16GB) DDR4
    Graphics Card(s)
    Zotac Gaming GeForce RTX 3070 Ti Trinity OC
    Screen Resolution
    1440p
    Hard Drives
    Samsung 970 EVO Plus NVMe M.2 SSD 1TB - MS OS
    Samsung 970 EVO Plus NVMe M.2 SSD 1TB - Data
    Samsung 970 EVO Plus NVMe M.2 SSD 2TB - Steam Games
    Seagate BarraCuda 3.5 inch SATA HDD 2TB - Back Up
    PSU
    Corsair RM750 750W Gold ATX
    Case
    Corsair 4000D Airflow Tempered Glass Mid-Tower
    Cooling
    Corsair iCue H150i Elite Capellix
    Keyboard
    Keychron Q3
    Mouse
    Razer Deathadder V3 Pro
    Internet Speed
    52 up / 19 down
    Browser
    Chrome
    Antivirus
    Windows Defender
Also, the Samsung T7 Portable SSD Drive lets you secure the data with a password, is password as good as encryption?
Using a password turns on the hardware encryption, so yes, it's as secure as it can be. From the manual:

Samsung said:
Because T7 utilizes advanced encryption technologies, user data cannot be accessed if password is lost or forgotten. Please write down your password and store it in a safe place. If the product cannot be used due to user’s failure to enter correct password, the only way to restore product is to have it reset to factory settings via an online service by a Samsung Service Center. However, restoring the device to factory settings will result in a complete loss of all user data. Please be sure to backup important data on a regular basis.
 

My Computers

System One System Two

  • OS
    Windows 11 Home
    Computer type
    Laptop
    Manufacturer/Model
    Acer Aspire 3 A315-23
    CPU
    AMD Athlon Silver 3050U
    Memory
    8GB
    Graphics Card(s)
    Radeon Graphics
    Monitor(s) Displays
    laptop screen
    Screen Resolution
    1366x768 native resolution, up to 2560x1440 with Radeon Virtual Super Resolution
    Hard Drives
    1TB Samsung EVO 870 SSD
    Internet Speed
    50 Mbps
    Browser
    Edge, Firefox
    Antivirus
    Defender
    Other Info
    fully 'Windows 11 ready' laptop. Windows 10 C: partition migrated from my old unsupported 'main machine' then upgraded to 11. A test migration ran Insider builds for 2 months. When 11 was released on 5th October it was re-imaged back to 10 and was offered the upgrade in Windows Update on 20th October. Windows Update offered the 22H2 Feature Update on 20th September 2022. It got the 23H2 Feature Update on 4th November 2023 through Windows Update.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Lattitude E4310
    CPU
    Intel® Core™ i5-520M
    Motherboard
    0T6M8G
    Memory
    8GB
    Graphics card(s)
    (integrated graphics) Intel HD Graphics
    Screen Resolution
    1366x768
    Hard Drives
    500GB Crucial MX500 SSD
    Browser
    Firefox, Edge
    Antivirus
    Defender
    Other Info
    unsupported machine: Legacy bios, MBR, TPM 1.2, upgraded from W10 to W11 using W10/W11 hybrid install media workaround. In-place upgrade to 22H2 using ISO and a workaround. Feature Update to 23H2 by manually installing the Enablement Package. Also running Insider Beta, Dev, and Canary builds as a native boot .vhdx.

    My SYSTEM THREE is a Dell Latitude 5410, i7-10610U, 32GB RAM, 512GB ssd, supported device running Windows 11 Pro (and all my Hyper-V VMs).

    My SYSTEM FOUR is a 2-in-1 convertible Lenovo Yoga 11e 20DA, Celeron N2930, 4GB RAM, 256GB ssd. Unsupported device: currently running Win10 Pro, plus Win11 Pro RTM and Insider Beta as native boot vhdx.

    My SYSTEM FIVE is a Dell Latitude 3190 2-in-1, Pentium Silver N5030, 4GB RAM, 512GB NVMe ssd, supported device running Windows 11 Pro, plus the Insider Beta, Dev, and Canary builds as a native boot .vhdx.

Latest Support Threads

Back
Top Bottom