Frequently Asked Questions
Q: What is encryption?
A: According to The American Heritage New Dictionary of Cultural Literacy, Third Edition, Encryption is "The process of encoding a message so that it can be read only by the sender and the intended recipient." Whole Disk Encryption means all files on a computer are encrypted so that the information cannot be accessed by someone who does not have permission to access it. If an encrypted laptop is stolen, the thief cannot recover the sensitive information contained within the computer unless the thief has the password (or key) with which the information was encrypted. Furthermore, once the laptop was reported stolen, the Security Office could determine there is a substantially lower risk that the information is compromised because the laptop was encrypted.
Q: Why am I required to encrypt my computer?
A: You are required to have your computer encrypted because the Security Office has determined that you have access to, and routinely work with, sensitive information such as Personally Identifiable Information (PII) including social security numbers, Payment Card Industry (PCI) information including credit cards and account numbers, information protected under the Health Insurance Portability and Accountability Act (HIPAA) such as insurance policies and medical records, or other similar regulations which apply to the university and its functions.
Q: Will Whole Disk Encryption make my computer slow?
A: WDE should not reduce the overall performance of your computer. However, during the encryption process you may experience some latency in normal tasks. Once the computer has completed the encryption process there will be a slight delay during the boot up process. Once the Operating System (Windows, Mac OS X) has loaded, there should be no change in performance. If you suspect performance is being affected, please contact Technical Support Services or your System Administrator to determine the cause.
Q: I forgot my pre-boot passphrase! Is my information lost?
A: No need to worry. Rest assured your information is not lost. ITS can assist you in booting your computer and resetting the pre-boot passphrase. Contact Technical Support Services or the ITS Helpdesk to initiate the recovery process.
Q: I changed my Net ID password, but now I can't boot my computer.
A: Changing your password using help.divinedestinations.info or from your workstation will not update your pre-boot passphrase. Please note, setting the pre-boot passphrase the same as your Net ID password is not advised. It is a good idea, however, to update your pre-boot passphrase periodically. Contact Technical Support Services or your System Administrator for assistance.
Q: I changed my Net ID password on a different computer, will I still be able to log in to an encrypted computer?
A: Yes. When you change your password and attempt to log in to a computer encrypted with SafeGuard, you will be prompted to update your password before you log in. You will need your old password as well as your new password. Providing this information will update the encryption platform to ensure that you have access to your encrypted files.
Q: Do I need to encrypt my smartphone as well?
A: At this time, our encryption platform does not support mobile devices and the Security Office is not requiring smartphones to be encrypted. If you receive your university email on your smartphone, you should consider encrypting your phone using the native encryption available from within all Android or Apple smartphones (most Apple devices are encrypted by default but depend on a strong passcode to provide full protection). Keep in mind that ITS cannot recover your smartphone's passcode if you forget it.
Q: If I already encrypt my devices, will I need to also encrypt with Sophos?
A: Those required to encrypt their devices will need to decrypt, then re-encrypt using Sophos SafeGuard Encryption. This will enable ITS to fully support the encryption technology and ensure that Encryption is implemented in compliance with University Policy APM 30.11.
Q: If I wish to remove encryption, can I just turn off BitLocker?
A: No, the device will be re-encrypted by Sophos SafeGuard in order to comply with APM 30.11. If you wish to remove encryption, please contact the ITS Help Desk and give a reason why that machine should not be encrypted. The ITS Security Office will need to decide whether an exception can be made and will assist in the removal of SafeGuard
Q: When I log in to my computer, I get asked for my password again. What can I do to prevent this?
A: After you enter your pre-boot passphrase you will need to log in to Windows. You should see that there are two "account" icons with your username associated with them; one has your normal account picture, and the other has a circular "target" like image. If you use the account icon with the "target" image, which indicates that it is the account associated with Whole Disk Encryption, you should not receive an additional prompt for your password.
The prompt is only necessary when you do not log in using the WDE account, however, once you have provided the password in the additional prompt, there is no difference in functionality. It is simply more convenient to use the WDE account.