How to keep a laptop secure when you're on the go

Whether you're working in a caf, checking emails at the airport or you just don't trust your kids, it's useful to prevent other people accessing your laptop. This article won't go over the obvious advice; you've surely already got a strong password, know the merits of using a VPN and keep all your software up to date.

Instead, we'll focus on tools and gadgets that specifically make your laptop more secure when you're out in the big wild world.

A dilemma when working in a public place is what to do when nature calls. Do you pack everything up and take everything with you when you go to the loo? Or do you leave everything on the table and trust your fellow caf goers or airport lingerers?

Predator solves the problem by offering a quicker and more secure alternative to just logging out. By writing a special keycode to any old USB drive, you can lock your laptop by just unplugging your drive, and unlock it by plugging the drive back in again. And unlike the standard Windows Lock screen, Predator will disable your keyboard and trackpad, so there's no way to force a reboot of your laptop when you're away.

Predator installs as a 10-day trial, so you get a decent amount of time to see whether it will work for you or not. After that, the Home version costs $10 (around 7.50) while the Professional version costs $15 without support or $30 with (around 11 or 23 respectively). The Professional version adds a few extras, such as tracking elements, but you can get bespoke tracking software for free.

Installing Predator

Once you've downloaded Predator, unzip the file and run the PredatorPackage Windows Installer Package. You'll probably be warned by Windows Defender SmartScreen that running this file might put your PC at risk, but click More Info and then 'Run anyway' Predator is legitimate, it's just not on Microsoft's list of known applications.

There are a few options in Predator you'll need to change immediately

You can click Next at every step of the install process, although User Account Control could kick in to ask if you really want to install the application. Launch Predator from the desktop, and it will ask you to define a password and to register a key. Insert any USB drive and click OK to create your Predator master password. Since Predator only writes a 1KB file to the USB drive (rather than formatting the drive), you can use a small old drive, or a large USB3 device you use for other purposes.

The advice for passwords these days is for long but memorable passwords rather than short but complex ones. Get Safe Online recommends using three random words, and only adding special characters and oddly placed capitals for very strong passwords.

Because password cracking relies mostly on 'brute-strengthening' each character of a password, a longer password in plain English will take longer for a hack bot to crack than a short jumble of random characters and symbols. Add to that the likelihood that an alien jumble of characters is so hard to remember that it's likely the human user will write it down somewhere, and it's more likely that the password 'c8^nE' will be cracked easily while 'manymelonhorses' will prove much harder.

Drive time

Once you've chosen your master password, you need to assign a drive. The USB drive you inserted should already be shown in the drop-down list. If it's not, tick the 'List fixed' box, as some USB drives can show up in Windows as fixed drives rather than removable ones. You can cross-check drive letters by opening Explorer with Windows-E. Click OK and you'll see a green circle appear in the System Tray: Predator is armed and active.

However, you'll want to change a few settings straight away. Right-click the Predator icon in the System Tray and select Preferences. Enable AutoStart with Windows and decrease the Read interval to 10. This change means that Predator will check whether the USB key is in place every 10 seconds. You'll want to increase the Write Interval too, as this will give you longer before the keycode on the USB drive becomes too old; 600 (10 minutes) should you give you enough time to order another latte, or attend to the consequences of its predecessors.

You might want to change some of Predator's Alarm options, too

If you're a superspy on a budget, leaving the Write Interval at 60 gives your enemies only one minute to either steal or clone your USB drive and use that to unlock your laptop. If the keycode on the USB drive expires, you'll just have to enter your master password manually to unlock your laptop.

The Alarm options tab has a number of attractive options. The Sensitivity setting sets how many keypresses are required to bring up the manual login option. The default is Medium, which requires three key presses, while Low requires five rapid key presses and High just the one. Do not use the Disable option as this prevents manual unlocking of your laptop.

The Commands section (Event and Action) allows you to modify what happens after an event, and is also best left alone. Enabling a schedule could also create more problems than it solves. The idea is that you can set a 'working hours' schedule, outside of which Predator will lock the laptop.

Once you've altered whichever of Predator's options look useful, click OK and you can start using a USB drive to thoroughly lock down your laptop.

Dynamic lock

Windows 10 has an option to automatically lock your computer when your phone goes out of Bluetooth range called Dynamic Lock. If the Bluetooth connection between your laptop and smartphone is broken, Windows assumes you've moved away from your laptop and locks it. However, Bluetooth can have quite a long range these days perhaps 10m or more so Dynamic Lock might only be handy for automatically locking your PC when you pop out for lunch.

To enable Dynamic Lock, go to Settings, Devices. Click Add Bluetooth or other device, and then click Bluetooth. Make sure that your phone is visible and then pair it to your computer. Next, go to Settings, Accounts, Sign-in options and select the box labelled 'Allow Windows to detect when you're away and automatically lock the device'.

Add biometrics

There's some truth to the Hollywood fiction that biometric security is flawed, although it's not as bloody as the movies often make out. Biometric logins depend on a scanned thing (such as a fingerprint, eye or face) matching the patterns described in a digital file. While any fool can look over your shoulder and note down your password, only a select few have the skills to hack a secure biometric file.

The iDoo Mini USB Fingerprint Reader is tiny, costs 27 and adds super-quick logins to any laptop

A fingerprint reader also prevents keylogging software capturing your password as you type it, and makes logging into your laptop quicker and cooler. Amazon has a range of suspiciously similar Mini USB fingerprint readers; we opted for iDoo's for 27.

Plug in the iDoo and wait until Windows notifies you that the 'Synpatics WBDI Fingerprint Reader USB 052' setup has completed; you might need to be online for this. Open the Sign-in options menu (search the Start menu for 'sign') and click Set up under Fingerprint. If the option is greyed out, you'll have to set a login password first.

The process is fairly well explained, except for the actual scanning of the fingerprint. Ignore the prompts and just keep lifting and pressing the fingerprint reader until the fingerprint pattern is completed. Try to press your fingertip at slightly different angles so the small sensor can build up a picture of your entire fingertip.

You should register multiple fingertips, just in case you suffer a horrible accident, or your finger is muddy, scratched or clogged with paint. You should also set up a PIN, just in case something goes wrong with the fingerprint software or hardware. Once done, sign out of Windows to try logging in with just your fingerprint.

It's not the most elegant, but PQI's Secure Key software adds useful abilities for your fingerprint reader

To use your USB fingerprint reader with websites and other passwords you'll need to download and install the PQIKeySFInstaller file. Click Ignore on any 'no dongle found' errors when installing.

At your fingertips

To use your fingerprint reader to log into websites, launch PQI's Secure File software and click the Web Login button. You'll need to scan your fingertip (using a finger previously set up for Windows Hello) and then you can start adding logins by clicking the green Plus button on the PQI KEY screen that appears.

It looks like you should wait for confirmation that your current finger press has been recognised

This process is a little clunky at first. Once you press the 'add' button, Internet Explorer will launch (not even Edge, let alone your preferred browser) and ask you whether you want to install the PQI add-on. Do so and close IE. Then press the 'add' button again, head to the website you want to log in to automatically, enter your login details as normal, and you should see a dialog box from PQI asking whether you want to save those details. Click OK. Repeat the process for all your favourite websites. Those details won't appear in the list until you click the Exit button and re-open this Web Login.

You can use the slightly clunky PQI software to use your fingerprint reader to log into websites

The Secure File software also adds file- and folder-encryption. Just right-click on an item and you'll see two new options, PQI KEY File Encryption and Encryption For Share.

Choosing the former just encrypts the file. To decrypt it, right-click the file and select PQI KEY File Decryption to use your fingertip to unencrypt it. If you choose 'Encrypt For Share' you'll be prompted to create a password for the file or folder, which you share with the recipient. Don't send this password with the file, and preferably not via the same medium. Instead, email the file and text the password, for example.

You can even use the fingerprint reader to encrypt and decrypt your files and folders

If you're particularly worried about someone stealing your files, you need to be aware that it is possible to remove a laptop's hard disk and access its files via a second PC. To counter this threat you might want to automatically encrypt your entire Documents folder. FreeOTFE is a free tool that does exactly that.

A more secure browser

The above tricks can protect you from threats in the physical world, but what about online? Using a VPN will hide your communications online, while anti-virus software should protect you from nasties that might get through even if you keep all your software up to date (try Flexera's Personal Software Inspector to make that job easier). But you could make yourself even more secure by using a specific, locked-down browser when computing in the wild.

The Epic web browser is stripped back and locked down for maximum privacy and security

While typical browsers such as Chrome, Firefox and Opera are pretty secure, there are browsers specifically set up to protect your privacy and strip out all non-essential functions to enhance your security. For a really stripped back browser, try Epic.

Epic won't save passwords, has no web or DNS cache and even prevents spellchecking. Your searches are hosted on Epic's servers, meaning they can't be linked to your IP address, and there's comprehensive ad- and tracker-blocking. When you close Epic it deletes every trace of your browsing session, and there's even an 'encrypted proxy' mode that acts like a pseudo-VPN.

Image: Shutterstock