Whatever encryption technology you use, I assume you use it because you trust it? Perhaps you only use it because it was available, or it was easy to install, configure or or use it? Whatever the case may be, relying on a piece of technology you are not able to fully understand can be a bit scary. Myself, I use use different encryption technologies, such as Macos X disk encryption, Microsoft disk encryption and others, but can I trust them?
In a way, I really have no choice but to trust them if I decide to use them, but if I do feel a bit concerned, I can add additional levels of protection. I am quite sure that both Apple and Microsoft provide disk encryption that is resilient to attack, depending on my password or pass-phrase of course. The thing about passwords and pass-phrases are something that many users don’t seem to understand how it makes disk encryption good or virtually useless.
Every password or pass-phrase can be brute forced, basically guessed until you find the correct password or pass-phrase. Depending on the quality of your chosen password or pass-phrase, the disk encryption you might have implemented might not protect your data. If you enable BitLocker in Windows and choose a poor password, an attacker will be able to decrypt your data. If you have chosen a good password, an attacker faces an impossible task of guessing the correct password. The debate of what makes up a good password is ongoing, but I will say this; using dictionary words or abbreviations of those words is probably a bad idea. A good password is based on random characters and the other key factor is length. The longer the password is, the harder it will be to guess, if it based on random characters.
So, adding additional layers of security, how can this be done?
Personally, I add layers of encryption to sensitive material which of course adds to the complexity of managing the information, but I feel that it is worth the extra effort to make absolutely sure that no other than authorized people can access the data. One way to do this is to start with the hardware, as an example an USB drive. There are USB drives that comes with hardware encryption. Second, utilize operating system encryption such as BitLocker on the device, and as last step, add a software encryption container on the device itself. That makes 3 layers of encryption which will make it very hard for any attacker to gain access to the data. If you also make sure to use 3 different random and quite long passwords for the different layers of encryption, I think you can feel that your data is pretty safe. Is it hard to manage a solution like this as a ordinary user? I would say, not that hard that I would say that it is not worth doing. Entering a pin on the hardware device before plugging it in the computer is step 1, entering BitLocker password is step 2 and finally mount the encrypted container is step 3. It is not as hard or as difficult as it may sound. Give it a try, you might like it enough to start using it to protect your sensitive data.