Whole Disk Encryption FAQ

Overview:

  1. What is encryption?
  2. Why am I required to encrypt my computer?
  3. Will Whole Disk Encryption make my computer slow?
  4. I forgot my pre-boot passphrase, is my information lost?
  5. Does changing my Net ID password change the pre-boot passphrase?
  6. Do I need to encrypt my smartphone as well?
  7. If I already encrypt my devices, will I need to also encrypt with Sophos?
  8. Can I turn off BitLocker?
  9. Can I temporarily suspend BitLocker?
  10. Why do I get asked for my password twice?

Request encryption assistance

What is encryption?

According to The American Heritage New Dictionary of Cultural Literacy, Third Edition, encryption is "The process of encoding a message so that it can be read only by the sender and the intended recipient."

Whole Disk Encryption means all files on a computer are encrypted so that the information cannot be accessed by someone who does not have permission to access it. If an encrypted laptop is stolen, the thief cannot recover the sensitive information contained within the computer unless the thief has the password (or key) with which the information was encrypted. Furthermore, once the laptop is reported stolen, the Security Office can determine that there is a substantially lower risk that the information is compromised because the laptop was encrypted.

Why am I required to encrypt my computer?

You are required to have your computer encrypted because the Security Office has determined that you have access to, and routinely work with, sensitive information such as Personally Identifiable Information (PII) including Social Security numbers, Payment Card Industry (PCI) information including credit cards and account numbers, information protected under the Health Insurance Portability and Accountability Act (HIPAA) such as insurance policies and medical records, or information covered by other similar regulations which apply to the university and its functions.

Will Whole Disk Encryption make my computer slow?

WDE should not reduce the overall performance of your computer. However, during the encryption process you may experience some latency in normal tasks. Once the computer has completed the encryption process there will be a slight delay during the boot up process. Once the Operating System (Windows, Mac OS X) has loaded, there should be no change in performance. If you suspect performance is being affected, please contact Technical Support Services or your System Administrator to determine the cause.

I forgot my pre-boot passphrase, is my information lost?

No need to worry. Rest assured your information is not lost. ITS can assist you in booting your computer and resetting the pre-boot passphrase. Contact your TSP or SysAd to initiate the recovery process.

Does changing my Net ID password change the pre-boot passphrase?

Changing your Net ID password is a separate process from changing your pre-boot passphrase. Setting the pre-boot passphrase the same as your Net ID password is not advised. It is a good idea, however, to update your pre-boot passphrase periodically.

Do I need to encrypt my smartphone as well?

At this time, our encryption platform does not support mobile devices and the Security Office is not requiring smartphones to be encrypted. However, if you receive your university email on your smartphone with Outlook, Outlook requires the device to be encrypted, on both Android and Apple smartphones. Most Apple devices are encrypted by default, but depend on a strong passcode to provide full protection. Keep in mind that ITS cannot recover your smartphone's passcode if you forget it.

Can I turn off BitLocker?

No, the device will be re-encrypted by Intune in order to comply with APM 30.11. If you wish to remove encryption, please contact your TSP or SysAd and give a reason why that machine should not be encrypted. The ITS Security Office will need to decide whether an exception can be made and will assist in the removal of encryption if approved.

Can I temporarily suspend BitLocker?

If you have administrator access on the local device, you can temporarily suspend BitLocker for one reboot. This can be used to avoid the startup PIN, which can be helpful if you are working remotely on an encrypted machine that requires a reboot. Open an administrative PowerShell prompt and enter the following command:

Suspend-BitLocker -MountPoint C:

The next time the device is powered on after a reboot or shutdown, you will not be prompted to enter your BitLocker password. BitLocker automatically resumes after power on. If you reboot again, you will be prompted for your BitLocker password.

Encryption protection no longer applies when BitLocker is suspended. You should suspend BitLocker only as necessary.
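
The script below is an added example, not part of the original FAQ or ITS tooling. It suspends BitLocker with an explicit -RebootCount 1 and reports the protection status before and after, so you can confirm that protection came back on after the reboot. The -CheckOnly switch and the Get-ProtectionSummary helper are hypothetical names used for this example, and C: is assumed to be the encrypted operating system volume.

```powershell
#Requires -RunAsAdministrator
# Added example: suspend BitLocker for exactly one reboot and verify the state.
param(
    [string]$MountPoint = 'C:',   # assumption: the encrypted OS volume
    [switch]$CheckOnly            # hypothetical switch: report status only
)

# Hypothetical helper: return the fields that matter for this procedure.
function Get-ProtectionSummary {
    param([string]$MountPoint)
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus      # e.g. FullyEncrypted
        ProtectionStatus = $vol.ProtectionStatus  # On or Off (Off = suspended)
    }
}

$before = Get-ProtectionSummary -MountPoint $MountPoint
$before | Format-List

if ($CheckOnly) {
    # Run with -CheckOnly after the reboot to confirm protection resumed.
    if ($before.ProtectionStatus -ne 'On') {
        Write-Warning "Protection is still off on ${MountPoint}. Run: Resume-BitLocker -MountPoint ${MountPoint}"
    }
    return
}

if ($before.ProtectionStatus -ne 'On') {
    # Already suspended (or not protected): do not stack another suspension.
    Write-Warning "Protection is already off on ${MountPoint}; nothing was changed."
    return
}

# -RebootCount 1 makes the one-reboot limit explicit instead of relying on
# the cmdlet default; 0 would suspend until Resume-BitLocker is run.
Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 -ErrorAction Stop | Out-Null

$after = Get-ProtectionSummary -MountPoint $MountPoint
if ($after.ProtectionStatus -ne 'Off') {
    throw "Suspend was requested, but protection on ${MountPoint} still reports $($after.ProtectionStatus)."
}
Write-Host "BitLocker is suspended on ${MountPoint} for the next reboot only. Reboot promptly; the disk is unprotected until then."
```

If the reboot is cancelled, Resume-BitLocker -MountPoint C: turns protection back on immediately.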

Details

Article ID: 195
Created: Tue 12/12/17 3:08 PM
Modified: Wed 10/27/21 10:25 AM