You’ve probably heard a bit about encryption, but it sounds like something too complex, too specialist, to consider using yourself.
But encryption is simply a means of scrambling your data into seemingly-random characters, called ciphertext, which can only be unscrambled into meaningful information when an authorized user enters the correct decryption key. The key is just a passphrase, password, or PIN.
It’s a lot more straightforward than most think. Nonetheless, you might feel a little too in-the-dark to make use of encryption, so let’s bust some encryption myths!
1. Only Big Corporations Use Encryption
The root of this myth likely stems from the idea that only international organisations are worth targeting, but that’s simply not true. If it were, there’d be little need for security suites protecting your own PCs.
Your data, even the basic information, is worth stealing because it can all be sold on by scammers. Breaching your home security is one way to achieve identity theft. In order to keep your personal information private, it needs to be scrambled. Data you enter online is even encrypted (on sites using HTTPS, at least) and ensured using SSL/TSL certificates.
Actually, encryption is used more often than you think. As of last year, Apple claims to have sold 700 million iPhones, with an estimated 101 million users in the USA alone. And if those people are security-conscious, they’ll have activated passcode locks. That’s a form of encryption because if an unauthorized user tried to scroll through their contacts, peruse their photos, or traverse Twitter, they wouldn’t be able to without the correct passcode.
TEDTalks: When the rich and powerful are the only ones with access to encryption, it becomes a civil rights issue, says csoghoian #TEDSummit
— TEDxSacramento (@tedxsacramento) June 29, 2016
2. It’s Really Hard to Implement
You might be thinking, “Sure, it’s easy to turn encryption on when you’ve got an iPhone, but I bet it’s more difficult on Android. And what about my PC? I bet that’s near impossible to encrypt!”
— Paolo Stivanin (@polslinux) June 29, 2016
Admittedly, difficulties vary depending on the mobile OS, but not that greatly. Windows 10 Mobile just requires you to go on Settings > System > Device encryption. Since Android Lollipop, encryption comes as default (unless you’re getting a low-end model). Smartphone manufacturers have realized the need for this added layer of security.
But it’s pretty simple on PCs and laptops as well. Device encryption was first introduced for Windows 8.1, and any PCs with Windows 10 are supposed to use it as default — on the condition that you sign in using a Microsoft account. To check whether you’re using encryption (and to enable it), go on Settings > System > About. If the device encryption option isn’t there, you won’t be able to protect your files without something like BitLocker or these alternatives — some of which also apply to Macs and Linux. Explore other routes for protecting your data, sure, but don’t be put off encryption: it’ll be worth it in the long run!
The level of control you can have over encryption is astonishing too. You can actually encrypt individual files. How? On Windows, you right click on a file or folder and go Properties > Advanced > Encrypt contents to secure data; when you close the Advanced tab, click Apply.
Linux makes it quite easy to encrypt personal information (and if you’re au fait with open-source software, it’s unlikely you’d be put off the hassle of encryption anyway)… but make sure you know the downsides of it.
3. You Don’t Need to Encrypt Data if You Use Factory Resets
Selling your mobile, device, or laptop using an online auction site? You can fetch big bucks for your old hardware, getting a vital boost to your bank balance by sacrificing something you don’t even use anymore. But if thieves got hold of your items, they can glean a lot about you. This is a problem if you’re recycling your hardware too.
Likely perpetuated by the Factory Resets on smartphones, most people think these will wipe your device completely clean. You’re passing on a clean slate, right? Not at all. While in most cases, the eventual recipient of your hardware won’t have the abilities or inclination to restore data about you, a determined criminal generally can.
If you do plan on getting rid of a device, either encrypt all its data then do a Factory Reset, or destroy it completely. Take a hammer to it or burn it.
The exception is the Factory Reset option on iPhones: that really does wipe the slate clean.
4. Encryption Always Affects Performance
This is true in rare cases, but for the most part, you don’t need to worry about performance lag. It’ll be negligible, and for the most part, unnoticeable.
The reason this myth does the rounds is because your PC or smartphone has to decrypt all its contents before you get access to its databases. It stands to reason that it’ll take a while. Can you be bothered to wait each time you try to get onto your files?
— 0xdeadb?be (@0xdeadbabe) June 29, 2016
Fortunately, manufacturers know their audience expects this level of security and that many would be put off if it’s at the expense of functionality. If your device is pretty new, you shouldn’t have a problem with performance. Just think of how quickly an iPhone starts up after a passcode is entered. Barely any time at all.
Disk-level encryption generally impacts performance less than application-level; even then, drives with medium- to high-end processors support Intel Advanced Encryption Standard New Instructions (AES-NI), which is designed to improve the speed of applications using encryption keys. Some people claim that encryption speeds things up!
There are, of course, exceptions. Aged PCs won’t be able to cope that quickly, but if they’re that old, the system in general will be slower than recent versions regardless.
5. Encryption is 100% Secure
Don’t get me wrong: encryption is a great way of protecting your private information, but it’s not fool-proof. Nothing ever is. Encryption is just a great start.
Encryption is only as good as your password.
— Lemon (@liamgh_) June 29, 2016
Recently, we’ve heard a lot about data breaches: the so-called Celebgate was one of the most high-profile leaks, but further notable password breaches have happened in just the past couple of months, including 32 million Twitter accounts, 42 million Gmail credentials, and 360 million emails and passwords from MySpace. That’s an astonishing amount of hacks.
Encryption keys aren’t unbreakable. iPhones were purported to be the most secure mobile OS, mostly thanks to their supposedly-impregnable encryption; if you don’t want anyone getting in, you set up a passcode and not even Apple can get into it. But earlier this year, that was proved false when a hacker, paid by the CIA, got into the smartphone of an alleged terrorist.
Probably the main weakness in encryption is storage of the keys. Whistleblower, Edward Snowden says:
“Properly implemented encryption does work… If you have a centralized database of keys, that is a massive target. We’ve got to focus on end points, we’ve got to focus on the keys, [make them] more defensible.”
Is Encryption Worth It?
??Secure your Wi-Fi?:
? Encryption ON?
? Firewall ON?
? Change default passwords!?
? Change default network names!? pic.twitter.com/bsFGy1eduN
— Derby's Digital PCSO (@DigitalPCSO) July 9, 2016
Definitely. It’s certainly not absolute, but it’s a simple and, in the majority of cases, effective way of keeping your personal information private.
Do you encrypt your devices or is something putting you off? Let us know in the comments below.