I'm getting ready to set up my old ThinkPad for Linux as I'm planning to switch from Windows soon. However, I hit a bit of a snag—VeraCrypt doesn't let you create a PIN for startup; it requires the full password, which can be a hassle to remember. This makes me worry that I might end up choosing a weaker password just to simplify things. On Windows, I used BitLocker, which allows a PIN, making it easier and more secure for whole drive encryption. Is there something I'm missing? Are there other programs similar to VeraCrypt that support using a PIN instead? I'm also using Cryptomator for local encryption for my cloud files, and it offers a nice PIN feature too. Thanks for your help!
3 Answers
You could try using LUKS! It’s great for encrypting local volumes, and you can even set it up with TPM for easier unlocking at boot. Plus, using a hardware token like YubiKey with LUKS could simplify the whole process without having to remember complex passwords.
Have you considered using a YubiKey or any FIDO2 device? It works really well with LUKS and can let you set up a password-less login or use it for SSH and GPG signatures. It's a pretty secure option!
That's a solid tip, appreciate it!
If your SSD is self-encrypting (SED), you might want to set a drive password in the BIOS. The SED uses that password to encrypt the data, and you'll enter it at startup. It makes everything pretty seamless and keeps your data protected.
LUKS? No idea that existed! Thanks for pointing it out, I'll definitely check it out!