Computing devices can employ passcode protection to protect data stored on the device. The computing device can prevent unauthorized access to stored data using protection mechanisms in including presenting a login screen that requires a user to provide a user name/password combination and/or a numeric or alphanumeric passcode. Before a user can obtain access to data stored on the computing device, the user may be required successfully authenticate via the login screen. However, it may still be possible to gain access to data stored on the computing system without knowledge of a username/password or passcode if the data is stored in an unencrypted manner. A malicious attacker may be able to extract data directly from the memory. If the attacker has physical access to the computing system, the attacker can remove one or more storage devices from the system and access those devices via a different system.
Computing device passcodes can be used to enable data encryption by providing entropy to an encryption algorithm that enables the generation of one or more per-user keys that may then be used secure data within the computing system. The per-user keys can be combined with system or group keys to provide enable multi-layer encryption of data and encryption keys to defend against data that is accessed outside of the normal login process, for example, via physical access to a storage device.
Notwithstanding various data protection techniques implemented in computing systems known in the art, cryptographic and cryptanalysis techniques continuously evolve. Accordingly, updated techniques of computing device security are regularly developed.