Is HDD Encryption pointless for My Cloud EX2 Ultra?

I have just received a My Cloud EX2 Ultra (2 bays). I want to know that a burglar cannot swipe the hardware and maybe remove the drives and scrape out the data. I’m guessing that is the point of having HDD Encryption at all?

I have seen a lot of forum people say that Encryption is pointless on a “My Cloud” device - lots of comments about how a thief can simply use a paper clip to reset the device.

As I understand it, my “256 AES Volume Encryption” is “hardware encryption” and the data physically written to the hard drive platters is gibberish without the password. Correct?

So wouldn’t the paper clip reset be useless to a thief (if the drive is not “mounted”)? Unless the password is provided by a human when the drives are mounted (in the case of “manual mount”) I don’t see how the crook/admin with the newly reset password can get access to the data which is physically encrypted? I suppose s/he could delete stuff, and that would be just fine, but reading data without the password? How?

If I’m right, I’m assuming I will have to avoid “automatic mount” (which bypasses the need for us human owners to enter the password on the dashboard at mount time). And, in that event, I’m guessing I’ll need to “unmount” when we’re leaving town and use the dashboard to manually enter the password and “mount” the drives when we need them again.

If I’m off-base, I’d appreciate a short tutorial on where I went wrong. Thanks!

P.S. I did talk to first-level support. I couldn’t get a clear answer to my question about what a thief can (or, more importantly canNOT) do with a hard drive that has HDD hardware encryption. All the support person said was that a thief could reset the admin password with a paper clip and that WD recommends that I not let my hard drives be stolen. (Not very helpful in my case.)

If I’m not there to manually enter the decryption password, I don’t understand how anyone can read the data of the physical drive, fake admin or not.

I am guessing that I will have to unmount the drive if we go out of town, but I’m not sure.
Q: If a thief resets with a paper clip will that automatically unmount the drives?
Q: If a thief yanks the drives into his big thief bag labelled “SWAG”, thus unplugging the power, that will obviously “unmount” the drives requiring that I be there in person to enter the password, right?

Complicated topic.

In my mind, we are conflating two issues: Resetting Data Encryption vs Resetting the EX2.

Also; what type of theft are you worried about? Someone steals and reuses the box; or someone is after your data? Leads me to ask: Where are you putting this box? Maybe the bigger issue is basic device security (physical security)?

If someone steals and reuses the box: Right. The password is insufficient; the 40 second reset will allow someone to wipe your admin account password and use the box. And you want this protection: Because user error or rogue firmware can easily compromise system settings necessitating a reset. You NEED reset ability. The passwords are for cyber security.
In the event of “rouge firmware update” or (more likely) “user error” the cure is either a 4 or 40 second reset. One resets DCHP and admin password - - → The other wipes the users; both leave data fully intact.

I do NOT know how this affects data encryption. I suspect to change encryption you need the encryption password. (in otherwords - - - having access to the admin account is insufficient to read encrypted files) If the EX2 is new - - > you can test this easily.

If are worried about someone taking the drives and scraping the data: GEEZ. What do you have on their that requires such security? I am leery of hardware encryption because; well. . .what happens if the hardware breaks? On my EX2; if the box breaks I know I can pull the drive from the box and hook it up to a PC to recover data. It doesn’t force me to go find another EX2 box (which might be difficult in 5 years). Also, hardware encryption does NOTHING if others have access to the system (i.e. you let your kids play on your computer). Then they can copy off whatever they want.

My view: I avoid hardware encryption because. . . I am more worried about the equipment than I am about crooks. I do use file protection. So my spreadsheet of “what computer toys I want to buy” is open (so others can buy things for me). . but the spreadsheet of “Where is my Money?” is individually protected. (i.e. password protected). That way, I can walk around with a single external drive with both sensitive and insensitive documents on it.

What takes the most space on my drives are media files - - - > I simply do not worry about encrypting those. Tax files protected. Vacation pics: Meh.

Thanks “NAS User”!

I don’t much care about losing the hardware in the extremely unlikely event of a burglary. I WOULD sleep easier if I knew that the data on my purloined hard drives would be unavailable to your typical miscreant.

It’s not that I have anything that special that isn’t separately encrypted, but I DO worry about identity theft. I expect that one could build quite a compelling simulacrum of a person’s identity if one had access to a “lifetime’s” worth of miscellaneous emails and files on that person’s hard drive.

I understand about the potential inconvenience of having hardware encryption if my MyCloud enclosure dies after the model is no longer available. This is why I have multiple encrypted backups all over the place.

In terms of identity theft. . . there are LOTS of easier ways to do this than stealing a NAS drive and reading files. Putting the NAS in a closet would be sufficient to deter most thieves. (i.e. would a simple thief looking at a NAS sitting in a closet and know what it is?)(also - - - too many folks have enough trouble logging in and getting their OWN data when they have the passwords. . . .much harder for someone unfamiliar with the hardware to do this)