RE: dual password for file/folder encryption

["Mason, Samuel" <SMason () mt gov>]

Sorry for the slightly off-topic post but with chmod1777's email addy like that I had to send to the list to ask: If 
you have a pure Windows environment have you tried the SSO option with Data Armor? It works and will log them straight 
through from DA into Windows. Our issue is that Windows isn't our only environment and it won't chain password changes 
thru more than one environment so my users get to complain about multiple logins but at least they don't have to 
remember an extra password.

Samuel Mason, CISSP

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of chmod1777 () invalid-host 
name
Sent: Tuesday, December 16, 2008 10:17 AM
To: security-basics () securityfocus com
Subject: Re: dual password for file/folder encryption

I would be reluctant to trust users to store their data in a certain folder only. We looked into encryption because 
we're a financial institution, mainly for laptops, and looked at many options. We decided to go with whole disk 
encryption simply because we simply couldn't trust human nature (users doing the right thing). The product that we 
chose was Mobile Armor.
http://www.mobilearmor.com/
 It is a client/server authentication model, and will allow a user to log in if off the network based off of their 
cached password. It syncs with AD, etc. It's basically a linux pre-boot environment, and allows us a back way in if we 
need to. It can be updated remotely, and is absolutely effortless to administer. The users complain about another 
login, but hey...  it keeps us out of the news ;)  Now we don't have to worry about if the end user did the right 
thing. If a laptop gets lost or stolen, it's basically junk. 

Kurt