YubiKey 4 for Disk Encryption as part of Your Password with VeraCrypt or BitLocker

Full Disk Encryption is the term used to indicate a technology that encrypts your entire hard drive.

Why should you use it on your own computer? Because the Windows authentication password system is very weak and can be easily bypassed, so don’t trust too much that your Windows password is enough. If your computer is stolen, it’s possible to log on to it and explore all your files, pictures, documents and web browsing history.

How would you feel if a stranger were quietly going through your whole life? This unknown person would see the pictures of you on vacation or at your child’s birthday, and would have access to your calendar and all your administrative stuff…

To avoid this, some tools can encrypt the entire disk of your computer. This means that, at every startup, you will need to type a password to boot your computer. Otherwise, your computer will stay completely unusable. And a part of this password can be stored on a YubiKey for maximum convenience and security.

Software to use for Full Disk Encryption

 

BitLocker

If you have Windows 7 Ultimate or a Professional or Enterprise edition of Windows 8 or 10, BitLocker is already available on your computer! Here is a nice post on how to set up BitLocker encryption.
If you don’t have any of these versions of Windows, the other solution is VeraCrypt.

 

VeraCrypt

VeraCrypt is a free and open-source utility used for encrypting the entire storage device with pre-boot authentication; it’s like BitLocker. Here is another post on how to set up VeraCrypt.

 

Use a YubiKey to store the end of your password

 

What is a YubiKey?

A YubiKey looks like a small USB stick and works like a keyboard: when you plug it in and press its button, it types a sequence of characters that you set up beforehand and finally sends the “Enter” key.

 

How to store the end of your password in the YubiKey?

This is the most important part of this post 🙂

BitLocker and VeraCrypt require that you type a password to set up the disk encryption. To avoid using a weak password, the YubiKey can help you a lot: the first part of your password is known only by you (and you have to type it every time) and the second part of your password is stored in the YubiKey, so you don’t need to know it. It’s like a double authentication.

So, before setting up BitLocker or VeraCrypt, here is how to set up your YubiKey to store the end of your password:

Then, insert your YubiKey, open the YubiKey Personalization Tools and click on Static Password:

Then, click on Scan Code:

Choose Configuration Slot 1 and US Keyboard as the keyboard layout:

Create the end of your main password to be stored on the YubiKey; here is a link to a nice password generator:

Finally, apply the configuration to your YubiKey by clicking on Write Configuration:

If asked, confirm the overwrite of the configuration:

If everything has been done successfully, a message will be displayed:

That’s it! Now, if you want to check that the end of your password is correctly set in your YubiKey, open Notepad and press the “Y” button of your YubiKey. It will write the end of the password.

Now you are ready to set up BitLocker or VeraCrypt: the first part of your password is known only by you (and you have to type it every time) and the second part of your password is stored in the YubiKey.

However, be sure to store your complete password in a safe place, just in case you forget it or lose your YubiKey. Otherwise, it will be impossible to boot your computer!
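
A local alternative to an online generator for the steps above, as an added example that is not part of the original post: it draws the YubiKey half of the password from the operating system's CSPRNG, reports its entropy, and checks what the key types back (the Notepad test, automated). The 38-character limit for scan code mode and all function names are assumptions of this example.

```python
import hmac
import math
import secrets
import string

# Assumption: scan code mode accepts at most 38 characters; confirm in your tool.
MAX_STATIC_LEN = 38
# Printable ASCII without space; every one of these has a key on a US layout.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_suffix(length=MAX_STATIC_LEN, alphabet=ALPHABET):
    """Return a random suffix drawn from the OS CSPRNG, generated offline."""
    if not 1 <= length <= MAX_STATIC_LEN:
        raise ValueError(f"length must be between 1 and {MAX_STATIC_LEN}")
    chars = set(alphabet)
    if not chars or len(chars) != len(alphabet) or not chars <= set(ALPHABET):
        raise ValueError("alphabet must be unique printable ASCII characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet=ALPHABET):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(len(alphabet))


def typed_matches(expected, typed):
    """Compare what the key typed into a text field with the intended suffix.

    The trailing Enter the key sends is stripped first. A mismatch usually
    means the OS keyboard layout differs from the US layout chosen in the tool.
    """
    typed = typed.rstrip("\r\n")
    return hmac.compare_digest(expected.encode(), typed.encode())


if __name__ == "__main__":
    suffix = generate_suffix()
    print("Suffix to enter in the Static Password field:", suffix)
    print(f"Entropy of the YubiKey part: {entropy_bits(len(suffix)):.0f} bits")
    typed = input("After writing the configuration, press the YubiKey button: ")
    print("Match" if typed_matches(suffix, typed) else "MISMATCH: check keyboard layout")
```

Run it on the machine you are configuring and clear the terminal afterwards, since the suffix is printed in clear text.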