from Hacker News

Ask HN: What should I do after dropping off my laptop for repair?

by mbroshi on 8/12/20, 5:12 PM with 1 comments

I cracked the screen on my laptop and so dropped it off at a local shop for repair. I just realized I have now given someone full access to my unencrypted hard drive. When I get my laptop back what precautions should I take(e.g. update passwords, SSH keys, ...)? What should I do next time?

  • by Nextgrid on 8/12/20, 7:26 PM

    Depends on how paranoid you are and how valuable the unprotected files are you might want to take action right now.

    Do you have any reasons to believe the repair shop will look into your files and have the skill to be able to misuse the credentials or install malware on the machine?

    Do you believe the repair shop knows who you are and how valuable your laptops's content is, or do you think they have the resources to go through every single laptop that gets dropped off in hopes of finding something valuable?

    Do you believe someone else who might be after you and is willing to put significant effort to break into or bribe the repair shop into giving them your laptop knows where you dropped off your laptop and that it's unencrypted?

    What is the worst that could happen should they get access to your credentials? Do these credentials allow access to anything important that could cause severe losses or harm to other people or businesses?

    Can you easily rotate/temporarily disable those credentials?

    ---

    For next time consider full-disk encryption. Then your only risk becomes bruteforce (easily mitigated with a high-entropy password) or them installing malware to grab the password when you type it after they return it to you.