Helping people with computers... one answer at a time.

When sending your computer out for repair, you're handing over everything on it, including your data. Options for remaining secure are limited.

How does one secure their hard drive while sending the computer to a repair facility? I have personal financial information on my hard drive and will just a password provide sufficient protection while the computer is in the shop?

What you've presented is actually quite a dilemma. The problem is that there's really no fool-proof solution to your scenario. In fact, I've heard of companies occasionally not repairing hard drives because it might mean that sensitive data might be visible to the repair technicians.

Your options are limited, but if you can plan ahead for it there's a chance.

The problem is that handing your computer over to a technician for repair violates one of the fundamental principals of security: if 's not physically secure, it's not secure.

Handing your computer to someone else is fundamentally insecure.

In a sense, it boils down to trust. In an ideal world, you would have a totally trustworthy technician working on your machine. In the real world, we've all heard of data being stolen by folks with access to your machine.

So what to do?

The only secure solution is to encrypt your data. You might opt for whole-disk encryption, but that might well thwart the technicians ability to fix your machine, since he'll need access to deal with any software issues.

"Handing your computer to someone else is fundamentally insecure."

The more practical solution might be to create an encrypted volume using a tool like TrueCrypt and place all of your sensitive information therein. Leave that volume password protected, and unmounted by default, and the technician can work on your machine without being able to access your financial information.

The problem may well be this: you need a working machine to set that up. If your machine is so broken that you can't set that up, then you're stuck. It's really something you probably want to set up ahead of time.

If the problem you're having the technician look into is not hard disk related, one option might be to remove the hard disk while he works on your machine. He (or you) would no doubt need to provide a temporary hard disk so he can work on your machine, but at least that wouldn't have your data on it. When you get the machine back you replace your hard drive and hopefully all is well.

The problem is that any password protection you might put on your files, short of actually encrypting them with a tool like TrueCrypt or AxCrypt (a file by file encrypter) is likely to be easily broken. That includes login passwords and Windows own built-in filesystem security features.

Short of that, unless readers have additional suggestions, it boils down to trust.

Choose your technician wisely.

Article C3630 - January 29, 2009 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

11 Comments
KPTECH
January 29, 2009 10:45 AM

No one mentioned backing up your data before sending your system in for repairs. If you haven’t done this yet, you are getting the cart before the horse. Assuming, however, that you can, and have backed up your system…

Encrypting your data might keep it out of the hands of others but besides loss from theft, other things can happen that might cause you to lose your data altogether. If you need to ship the system in for repairs, it could be physically damaged in transit or there are a number of other things that could happen. For example, it's not unheard of for a "service depot" technician to perform a destructive re-install of the operating system in an attempt to fix what he thinks is a software problem. They’re hardware experts, and usually not experienced at fixing software problems, so sometimes they use the “shotgun” approach. When you get your system back, it works just like it did when it was brand new. --Without your programs and data!

Of course you have your backups, but it can take a lot of time and effort to get your system back to a point where you can be productive again. --Installing programs, restoring data, setting up Windows the way you like it, etc, etc…

For this reason, I prefer Leo’s second suggestion. If at all possible, arrange to send the system in with a different or no hard drive. It’s the only way to be 100% sure you won’t lose any data either from theft or mishap.

John Williams
February 4, 2009 9:23 AM

Back everything p regularly with a disk imagine program and then wipe the disk -properly -before sending in the pc for repair

Banyarola
February 4, 2009 9:32 AM

If possible I would put in a substitute hard drive if available.Almost everyone I know that has brought a PC in for repair has had the hard drive formatted by the tech even if you leave instructions for them now to do so.
[link removed]

Ken Laninga
February 4, 2009 9:37 AM

I "Hide" my sensitive folders with Free Hide Folders from http://www.itusoft.com/hide_folder/free_hide_folder.htm
works for me but don't lose your password. I THINK they can help you recover it if you lose it so maybe a service person could also pretend to be YOU and get that help to get into your stuff.

Jim Shipton
February 4, 2009 9:50 AM

My Solution - I have a second H/D that I have straped as a slave and use hardware from Manhatan (Hi-speed USB 2.0 to SATA/IDE Adapter w/powersupply about $25.00). That way I can save my data to the slave and after any repairs I just transfer my data back to my orignal H/D. Very User friendly.

WOFTBO
February 4, 2009 11:56 AM

Sending back a laptop without a booting hard disk drive is not acceptable to at least one of the largest mfg's (provided the problem is not the hdd). Jim's solution above would be one the best.

dgr
February 4, 2009 2:22 PM

This is basically Jim's ans above but with a twist. It seems to me that the simplest way is to put your sensitive data on an external drive. With your data there it doesn't matter what happens to your computer. Basically, you don't worry about sensitive data on your computer because it never was on your computer in the first place. BTW, I just got a 1TB drive for under $130.

Two issues: 1) what if that external drive fails? (i.e. be sure you backup), and 2) what about sensitive data whose location you can't control, (i.e. perhaps there's something you'd consider "sensitive" in your registry?)
- Leo
06-Feb-2009

Shawn Patrick
February 4, 2009 3:47 PM

I'm glad that there are others that have taken the words right out of my mouth. Always do you best to learn how to keep your pants at your waistline and not at your knees. LOL Shawn Patrick from Toronto, Canada

L. O'Neal
February 8, 2009 12:50 AM

When I get a new computer or install a new HDD, the the first thing is to make an image of the HDD with Acronis True Image to external media. Then make regular image backups. Before turning the computer over to someone else, Wipe the HDD and put the orignal image back on it.

Jenny
March 15, 2009 12:52 AM

Some very good suggestions. Thanks. However one of my concerns, not covered, is how to securely lockdown one's email client prior to handing over the computer? Seems to me that email itself often contains a huge amount of personal data. Mine sure does. Password protection of the app is sometimes possible, but useless, as so easily broken.

Just a word here too about the security passwords built into laptops. These provide very good protection, too good, as I found out to my lasting regret when I spilt a BIT of water onto the k'board. Some of the keys shorted and I was no longer able to enter a part of my password, so was permanently locked out of my laptop. An external USB keyboard of course was no help at all. These passwords are so built-in esp. the SVP which I believe resides in a hidden chip on the m'board, that you're hosed if you forget them or have a disaster like mine. Seems there's no password unlocking utilty around that can recover them. Well I certainly hadn't forgotten mine. So be warned!

If anyone's got any lateral thinking on a solution for this, other than a new MB, please reply.

I store all my mail folders on an encrypted TrueCrypt drive. Without the password, they can't be seen.
- Leo
15-Mar-2009
Gabreil Garrigues
April 5, 2009 1:37 PM

Hi

Thanking Leo.
Regarding this problem how a technicine is going to repair your computer if the hard disk is empty ?
I was rather thinking of a deontological protection.

The technician will boot from a diagnostic CD or other media.
- Leo
06-Apr-2009

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.