In recent years, various electronic apparatuses such as notebook computers and tablet computers are widely used. These electronic apparatuses comprise mass storage such as a hard disk drive (HDD) and a solid-state drive (SSD) as an external storage device. To protect data stored in the mass storage from unauthorized access, some users use software to encrypt the data in the storage device, more specifically, the data written to the storage device. This software is called disk encryption software or the like. The disk encryption software can also encrypt data written to an externally-connected storage device such as a Universal Serial Bus (USB) flash drive.
Most disk encryption software includes instructions for a pre-boot authentication (PBA) function. The PBA function is a function of performing user authentication before an operating system (OS) is loaded, for example, when an electronic apparatus is powered on. A basic input/output system (BIOS) provided in an electronic apparatus also includes instructions for a user authentication function. Therefore, some encryption software PBA functions have user authentication process omission settings so that the users do not have to go through repetitious authentication processes such as password input processes. When the user makes the setting, the disk encryption software PBA function stores a user password in a predetermined safe region in advance and performs user authentication by using the password stored in the predetermined region without prompting the user to input the password.
BIOS user authentication functions also have settings which allow the users to omit user authentication processes such as password input processes. For example, in the user authentication process using a password, a state where no password is set corresponds to a state where the user authentication process omission setting is made by the user.
However, if the user performs the user authentication process omission setting for the BIOS user authentication function as well as the user authentication process omission setting for the encryption software PBA function, and if, for example, the electronic apparatus is stolen, the operation of the electronic apparatus proceeds up to the loading of the OS without assigning the user a single authentication process once the electronic apparatus is powered on.