Search Google Appliance


Full Disk Encryption

The Office of Information Technology currently provides full disk encryption for all new or reimaged Portland State-owned laptops. Encryption is a way of providing greater security for your files by turning them into scrambled code that can't be read by any unauthorized users. This can help to protect sensitive data and is especially valuable in the event of loss or theft of your device. With an encrypted hard drive, you can still log onto your computer and work normally. The only difference will be a prompt for your encryption key when you boot up your computer.

Mac

Encrypting Your Mac Laptop

If you are running OS X 10.10 (Yosemite) and higher, encryption should be enabled by default. The Office of Information Technology sets up new PSU-owned Mac laptops with full disk encryption before delivering them. If you have a Mac laptop running OS X 10.9 (Mavericks) that is not currently encrypted, you may enable encryption by following these steps:

  1. Open the Self Service Software application.
  2. Select "Encrypt My Mac".
  3. Restart your laptop.
  4. Enter your login password when prompted.

Note: Macs running Bootcamp or with OS X 10.8 or lower do not support full disk encryption.

If you need an exception made for your computer to turn off encryption, please contact your Departmental IT Support (if your department is not listed, contact the Helpdesk).

Logging Into Your Mac Laptop

When your Mac has been encrypted, your login screen will look different, but will require the same Odin password that you have always used to sign in. It should automatically sync your passwords whenever you change your Odin password.

Note: If your laptop is off campus when your Odin password is changed, the password will not sync until the laptop returns to campus and connects with the PSU network.

Troubleshooting Login Issues On Your Mac Laptop

If you have not logged into the laptop before, you will need to be added as a FileVault user. Contact the Helpdesk for assistance.

If you have logged into the laptop before, but are having trouble signing in or have forgotten your Odin password, try the steps below to log in to your encrypted Mac laptop:

  1. Turn on your laptop.
  2. From the pre-boot screen, click your account.
  3. Click the help button (). If you created a password hint, it will be displayed.
  4. Enter your previous Odin password (i.e., the last password you had before your current one).
    • If you are presented with another login window, enter your current Odin password to log in. Your password should sync right away and you should be able to use your current Odin password to log in next time.
    • If you are not presented with another login window and go straight into your desktop, ensure that you are either connected wirelessly to PSU Secure or connected with an ethernet cable to a working network port. Your passwords should sync within 5-15 minutes of logging in.
    • If you still cannot sign in, continue to the next section.
  5. Connect your laptop to the PSU campus network with an ethernet cable.
  6. Try to log in to your account from the login window.
    • If you can successfully log in, your passwords should sync and you should be able to use your current Odin password to log in next time.
    • If you still cannot sign in, contact the Helpdesk for assistance.

Windows

Setting Up Encryption on a New Laptop

In most cases, the Office of Information technology will enable encryption on new laptops by default. You will need to personalize your encryption setup with a Personal Identification Number (PIN). Follow these steps to set up your PIN:

  1. Log in to your new laptop with your Odin username and password.
  2. When you see a prompt that says "Create PIN for C:", enter a PIN that follows the guidelines below:
    • Must be 4-20 characters
    • May contain letters and numbers
    • Will be case sensitive ("password" is different than "PaSSworD")
    • Don’t use any existing passwords (like your Odin password).
  3. Re-type your PIN in the Confirm PIN field.
  4. Select "Create PIN".

Note: You should memorize your PIN and avoid writing it down anywhere. If you must write it down, keep it on your person and never leave it where someone else could read it. Only share your PIN with the people allowed to use your laptop.

Encrypting an Existing Windows Laptop or Tablet

To enable encryption on your computer, contact the Helpdesk for assistance.

Unlocking Your Windows Laptop

The encryption software will prompt you for your PIN when you restart your computer or restore it from a hibernation state. Simply enter it when prompted and log in as normal. You should still lock your computer screen whenever you step away, although you will not be asked for your encryption PIN to unlock it.

Tablets do not have an on-screen keyboard during boot up, therefore you must have detachable keyboard or a USB keyboard to unlock a tablet.

Resetting the PIN for your Windows Laptop

If you have forgotten your PIN and are unable to get logged back into Windows, you have two options. You can either unlock the computer yourself using Self Service Portal and create a new PIN, or contact the Helpdesk for assistance.

Using the Self Service Portal
To unlock your computer and reset your PIN, start at Step 1. To reset your PIN on a non-locked computer, start at Step 10.

  1. When your computer asks for your encryption PIN, press Esc once on your keyboard.
  2. On the next screen, locate the Recovery Key ID and record the first 8 characters. Leave this screen up on the computer.
  3. Using another (non-locked) computer, go to the Self Service Portal and log in with your PSU Odin account.
    Note: The Self Service Portal can only be used if you have previously logged in on that computer.
  4. Read the notice, then select the box beside "I have read and understand the above notice."
  5. Select Continue.
  6. On the next screen, enter your Recovery Key ID and select a reason.
  7. Record the 48-character Recovery Key.
  8. Return to the locked computer and enter the 48-character Recovery Key.
  9. Press Enter.
  10. To reset your pin, you have two options:
    1. Open the Start Menu and select Computer.
    2. Right-click on your encrypted hard drive (usually C:).
    3. Select "Change BitLocker PIN".
    4. In the dialog box that appears, create a new PIN and then type it again to confirm it.
    5. Press the "Change PIN" button.

    6. OR

    1. Open the Start Menu and select Control Panel.
    2. Select "BitLocker Encryption Options" in the Control Panel.
    3. Select the link that says "Manage your PIN".
    4. In the dialog box that appears, create a new PIN and then type it again to confirm it.
    5. Press the "Reset PIN" button.

Calling for Assistance
If you have trouble completing the recovery process on your own, you can call the Helpdesk to unlock your computer and assist you in getting logged in.

Further Resources

Contact the Helpdesk for additional assistance.