SSD Data Protection

I have a passkey to start my pc, but in the event someone stole my pc, can they simply take the SSD out and put it in another pc to access the data?

I have my MS OS and Data on two separate Samsung 970 EVO Plus NVMe M.2 SSD's.

If someone can just put my Data SSD into another pc to access it, can I use Samsung Magician to Encrypt the drive, and if so what is the process? Going by the two screen shots from Samsung Magician the process is unclear to me. If I only want to encrypt the Data SSD, can I just enable encryption and do a secure erase for my Data SSD, or do I also need to do a clean install of the OS?

Should I also encrypt the MS OS SSD?

Thank you for anyone who has the patience and expertise to help, I'm just concerned If my pc was stolen, someone can easily get around login into my pc by removing the SSD and putting it into another pc to access my Data.

I have the latest Samsung Magician installed version 8.0.0

What exactly do you mean by "I use a passkey to start my PC"?

Whatever the case, the best way to get the "security at rest" you seek is to use Bitlocker on everything, specifically software encryption if there's a choice. This will ensure that if your PC is stolen while powered down or hibernated (NOT in sleep mode), your drives will be inaccessible as long as they don't have your Bitlocker credentials.

Note that since you're using SSDs, you should encrypt the whole drive, not just the part in use. This should avoid data leakage due to the way SSD writing works.

Hi barreleye, thank you for your reply.
Sorry, correction, regarding the passkey, I meant PIN.

I did a little more reading following your comments, and I agree with your Bitlocker is not only then best option but also the easiest to manage.
Initially, i was under the impression the process to encrypt an internal SSD was the same as an external portable SSD. But now I know its not, as the external portable SSD has an app installer on then you can just run to activate. Where as for an internal SSD for OS or Data drive you use Bitlocker.
Thank you, i'll have to consider upgrading windows version from Home to Pro in order to access Bitlocker.

Is my understanding correct?

There's no difference between encrypting an internal or external drive using Bitlocker. There's no "app installer" involved; that sounds more like the software that comes on some USB thumb drives, which I never use and always erase.

oh, thanks for pointing that out.
I've been looking at getting a external SSD as I only have a USB thumb drive, and when I saw the installer app on it I thought it would be the same on an external SSD.

The external device I've been looking at is the Samsung T7 Portable SSD Drive. So when they say it has encryption (AES 256-bit hardware encryption), does that just mean its capable of encryption, but you still need software like Bitlocker?

Also, the Samsung T7 Portable SSD Drive lets you secure the data with a password, is password as good as encryption?

xKoMox said:

Also, the Samsung T7 Portable SSD Drive lets you secure the data with a password, is password as good as encryption?

Click to expand...

Using a password turns on the hardware encryption, so yes, it's as secure as it can be. From the manual:

Samsung said:

Because T7 utilizes advanced encryption technologies, user data cannot be accessed if password is lost or forgotten. Please write down your password and store it in a safe place. If the product cannot be used due to user’s failure to enter correct password, the only way to restore product is to have it reset to factory settings via an online service by a Samsung Service Center. However, restoring the device to factory settings will result in a complete loss of all user data. Please be sure to backup important data on a regular basis.

Click to expand...