Whole Disk Encryption FAQ – March 2015

Owned by Marc Echternach (Deactivated)
Dec 06, 2017
4 min read

What is whole disk encryption?

Whole disk encryption encrypts the entire hard disk of your computer, requiring a password before the operating system can boot. This layer of security prevents a third party from being able to read the contents of the disk with using methods to bypass booting the disk.

If your computer is ever lost or stolen, this prevents the data from being accessed.

If you ever forget your passphrase, or need assistance logging in to your computer, you can contact the university service desk at 852-7997.

Why should I use PGP?

If you work with sensitive data, the University of Louisville requires that you use a whole disk encryption product, such as PGP. The university provides licenses for PGP at no cost. If your computer is ever lost or stolen, this prevents the data from being accessed by an unauthorized third party.

Unauthorized data disclosures/breaches can carry criminal penalties in the State of Kentucky, including fines and jail time. In most cases, an encrypted drive alleviates the need for a breach notification to the public, or to the State Attorney General.

The encryption software runs in the background, almost completely transparently. Computer performance is not impacted. There are no extra passwords or passphrases to remember.

Who should use Whole Disk Encryption?

The office of the provost has mandated that all university equipment have whole disk encryption software installed. There is an exception process available allowing use of equipment without encryption software. In order to file for an exception, the user of the equipment must assume accountability for all sensitive data stored on their equipment.

I changed my password, and the PGP login is only accepting my old (previous) password.

PGP synchronizes to your AD password after a successful Windows login. When changing a password, first make sure that you are connected to the university domain. Once the password has been changed at password.louisville.edu, log out of Windows. To log out, press Ctrl+Alt+Del and select Sign Out or Log Out, depending on what operating system you are using. Log back in to the machine with your new password. Wait a few minutes for the synchronization to complete in the background, and then reboot. PGP should now accept your new password.

What if I have a Mac or Apple computer?

Apple computers come with encryption software built in to the operating system. The software is called FileVault. It offers the same AES 128-bit protection that is found in PGP. See the IT Encryption Information web page for FileVault setup instructions.

Why does the software require five recovery questions?

PGP required 5 recovery questions to increase the chances of a successful login in the event that you forget your password, and cannot contact the University Service Desk. If a password is forgotten, the self-service recovery process can be started at the pre-boot login screen. Only three out of the five questions need to be answered correctly to allow login to Windows. The questions can be customized to liking. The option is also available to make your own custom questions. All answers must contain at least 6 characters.

How will Whole Disk Encryption change how I use my computer?

PGP Whole Disk Encryption requires you to authenticate with your AD passphrase when you power on your computer, before Microsoft Windows starts. Once you have authenticated, on-the-fly encryption is enabled and your computer will resume the normal startup process. The computer will look and behave exactly as it did before encryption software was installed.

Do I have to remember a new password in addition to my Windows login password?

No, the PGP software will sync automatically to your AD password. It will also automatically log in to Windows once the username and password are entered in to the PGP login screen. When passwords are changed, the encryption software will automatically sync in the background.

What happens if I forget my password?

If you forget your password, you will need to contact the University of Louisville Service Desk at 852-7997. Technology staff members can assist you with login.

Does PGP Whole Disk Encryption affect how I use any of my applications?

No. While you are logged in to the system, all applications, including email and other network software, run unaffected. The encryption/decryption process is a completely transparent activity.

Can I put my PGP Whole Disk Encryption protected laptop into hibernation or sleep modes?

Yes. The PGP software supports Windows hibernation and standby modes. When the system comes out of hibernation, you will be required to authenticate through PGP again.

What do I do if a certificate warning appears after installing the PGP software?

Select the "Always Allow" option to trust the certificate in use by the PGP server.

How does the PGP software stay up to date?

The PGP client software will be updated periodically to improve performance and compatibility. The client will prompt you to update. This update requires a restart to complete. The Office of Information

Technology will send an email notification at least one week in advance before a client software update is made available.