new laptop and encryption options

in Techie Stuff
16 replies 1.5K views
Hi everyone,

I am going around in circles here and hoping you guys can share your knowledge and experience to assist me. I am looking to buy a new laptop and ensure I have security and encryption features and I am getting confused with all the information I have read on encryption.

I need to have high level of encryption to store my own personal confidential material and also work-related files. I also want to get as high spec a laptop as I can for approx £500 (minus software) so that it lasts several years, though if necessary there is a little flexibility with my budget.

I originally looked at Windows 10 pro which I believe has in-built encryption. The laptops with Windows pro generally had TPM (Trusted Platform Module) and whilst I don't really understand how TPM works I think it encrypts the whole drive and can work with Bitlocker. However, the laptops with windows pro installed were a limited range and appears more expensive with less storage etc than laptops I have seen in PC world. If I opt for a laptop with standard windows it would cost almost £200 to upgrade to Windows Pro.

Currys/PC world staff have advised that a laptop with Windows Home will be sufficient if I use it with McAfee total protection (has data encryption) and Know How cloud storage (they advised me this is encrypted to the standard the government use). The staff member I spoke to did not know what TPM was and it turns out the laptop he recommended did not have this.

The laptop recommended, which I do like is:
HP 15-ac153sa 15.6" Laptop for £499 (in Black Tag sale - staff say I can reserve today and decide tomorrow).
Intel® Core™ i7-4510U Processor; Dual-core; 2 GHz / 3.1 GHz with Turbo Boost; 4 MB cache
Windows 10 (pre-installed)
Memory: 8 GB
Storage: 2 TB

The alternative is:
HP ENVY 15-ae065sa (not in Black Tag sale) for £649
Intel® Core™ i5-5200U Processor; Dual-core; 2.2 GHz; 3 MB cache
Memory: 8 GB
Graphics: NVIDIA GeForce 940M
Storage: 1 TB

So, my main questions are:
1. For full drive encryption do I need TPM built into laptop. I read it is possible to use Bitlocker with key on USB instead but apparently this is not as secure.
2. Feedback on your experience of using McAfee Total Protection or Know How cloud for storing files confidentiality. Particularly for the Know How cloud - if I need to delete a file will it be permanently deleted? Are files in clouds really safe compared to only being on a laptop's hard drive.
3. Would an alternative solution be to buy an external hard drive or USB storage with encryption and store all confidential information on this and then lock in filing cabinet?
4. Any feedback on the two laptops I mentioned above.

If you have got this far, I appreciate your time in reading my rather long post.



  • edited 30 November 2015 at 10:52PM
    FightsbackFightsback Forumite
    2.5K Posts
    edited 30 November 2015 at 10:52PM
    As of next year TPM 2.0 is a mandatory requirement for Windows 10

    "Windows 10 for desktop will be available on devices with or without TPM at launch… but by the summer of 2016 Microsoft will require all computers shipping with the desktop version of the operating system to feature TPM 2.0."

    Science isn't exact, it's only confidence within limits.
  • debitcardmayhemdebitcardmayhem Forumite
    11.3K Posts
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Currys/PC world would I trust their staff or them, not until hell freezes over.
    Ditto McAfee (Mcrappy) ....
    Cloud storage - no when it goes to the cloud how many servers is it on and where , deleting it and staying deleted doubtful I am sure they must take backups, and how long do they keep them for? Once the data goes up who knows where it goes and who has access to it.

    If it is confidential don't leave it to others unless you encrypt it yourself first, and then if they get a copy then they can spend all of the time it takes to crack it to be able to access it.
    Lock it in a filing cabinet , not very secure though is it the bad guys could take the lappy and the filing cabinet. Encrypting disks is a good idea but if the data is available when you are using your lappy then it will be available to the world if you don't take steps not to allow the burglars in via the internet.
    🍺 😎 Still grumpy, and No, Cloudflare I am NOT a robot 🤖
  • Thank you both for responding so quickly.

    Creditcardmayhem, I appreciate your opinion and you have confirmed my concerns about cloud storage. I want to find a way where I have control over encryption and can ensure if I delete a file there is not another backup floating about somewhere.

    Fightsback, I am wondering if I should go for laptop with TPM even if it is more expensive.

    After some more reading, it looks like hardware encryption is better than software encryption and I guess there is no harm in using both. Encrypted portable hard drives are not too expensive though I think having encrypted hardware built into laptop might be more secure. I am not sure if I use a portable hard drive for confidential info whether a temporary file will be saved on my laptop when I access the file.

    Dell latitude range have built in hardware encryption and are reasonably priced. Does anyone have pros and cons of Dell based on experience?

    Creditcardmayhem, I agree I need to consider protection against internet burglars. As you disapprove of McAfee, I wonder if you could offer an alternative.

    I guess if I put my laptop or any external storage in my locked filing cabinet there may be a chance someone could steal the whole filing cabinet but then an encrypted device is going to be more secure than any paperwork stored in the filing cabinet.

    Thanks again for your comments.
  • windupwindup Forumite
    339 Posts
    why does the data need this level of security
  • techno12techno12 Forumite
    705 Posts
    Part of the Furniture 500 Posts Combo Breaker
    You could just go for the cheap laptop and encrypt the whole drive using DiskCryptor or similar (the old netbook I'm writing this reply on is using it - no TPM needed).

    I tried VeraCrypt but it took several minutes to authenticate my password on boot so was useless (DiskCryptor is instant)
  • Neil_JonesNeil_Jones Forumite
    8K Posts
    Part of the Furniture 1,000 Posts Name Dropper
    The BIOS on most new laptops has an option to set a hard drive password, which is the next best thing to encryption - no password = no boot. It transfers with the drive.

    Of course if you forget this password, there is no recovery route. It's not as secure as the encryption route but its an extra layer of security if you like.

    With SSDs it is said (but not conclusively proved one way or another) that the extra read/write required to encrypt/decrypt the drive (on the fly) may cause it to wear out faster.
  • Thanks all for your comments.

    Windup, the brief answer to why I need a high level of security is that some of the confidential information held is employee records and also customer records. The laptop will primarily be for personal use however there will also be some business use and for the business use I need to ensure data held securely to meet data protection laws.

    I will look at alternative encryption options suggested for use without TPM. Hard drive password is an added security feature. I have used finger print log in before and I heard it is now possible to log in with facial recognition.
  • Neil_JonesNeil_Jones Forumite
    8K Posts
    Part of the Furniture 1,000 Posts Name Dropper
    Finger Print login can be tricked and it was proved that it was possible (though a pain in the backside to do it) to fool an iPhone.

    The same principle can apply to facial recognition, as simply as holding a photo up to the camera at the right angle/distance. Personally I wouldn't trust it.
  • Johnmcl7Johnmcl7 Forumite
    2.8K Posts
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    I think it's definitely worth looking at business laptops for your needs, they tend to come with longer warranties as standard and their design usually makes repairs and upgrades more viable further down the line. Amongst the downsides are the fact business laptops are usually less attractive and you pay a bit more for it.

    I'd recommend a look on the Dell Outlet business store for Latitudes, these are customer returns but can be a decent discount over a new laptop and they still come with a three year next business day on site warranty.

  • edited 1 December 2015 at 2:40PM
    windupwindup Forumite
    339 Posts
    edited 1 December 2015 at 2:40PM
    are you an employee of the the company that owns the data? if so, they should be providing a solution if you are allowed to hold and process this data on a home laptop ... veracrypt container on an external drive
This discussion has been closed.
Latest MSE News and Guides

Boost your Nectar points

Get up to £25 this Saturday

MSE News

Preparing for summer

What MoneySaving things can you do now to get ready?

MSE Forum

Hot Diamonds 40% off code

Including already-reduced outlet stock

MSE Deals