Security Solutions
5 
Recovering from a locked device 
If the device locks and you enter a correct answer to the pre-selected question, this regains access 
to the device and its data. If you forget the PIN/password and the answer to the preselected 
question, there is no way to recover from a locked device without losing data. The device will 
prompt for a hard or clean reset, and all memory will be set back to the default factory condition 
which includes deleting data in the iPAQ File Store. If this option is chosen, the iPAQ File Store 
takes more than 10 minutes to initialize. During this initialization process, it is recommended that 
you connect your HP iPAQ to AC power to avoid timeouts. 
However, if you forget your PIN, but successfully enter your hint question/answer, you are prompted 
to enter a new PIN. If you do not answer the hint question/answer successfully, there is a time delay 
between the hint question/answer attempts until you enter the correct answer. 
Passphrases 
When HP ProtectTools is initiated, you are prompted for a passphrase that is different than the PIN 
or password used to access the device. The passphrase is created for one reason: if data is stored 
on a memory card and encrypted by HP ProtectTools, a passphrase is used to facilitate sharing the 
data with other HP iPAQ devices. In other words, HP iPAQ devices that use the same passphrase 
can also share the data that is encrypted on memory cards. 
One special example occurs when HP ProtectTools is disabled but data is still encrypted on a 
memory card. This data can be retrieved from the card if HP ProtectTools is reinitiated on the HP 
iPAQ using the same passphrase used previously when the data was encrypted on the card. Thus, 
like PINs and passwords, it is important to store the passphrase in a secure location. Passphrases 
must be at least eight characters long and must include at least one punctuation mark. For best 
results, a mix of at least 30 numbers, letters, and special characters should be used. 
Performance considerations related to data encryption 
With HP ProtectTools, the HP iPAQ automatically encrypts data stored on the device using one of 
four encryption algorithms. These encryption algorithms are listed below in order of the strongest to 
the weakest: 
•  Lite 
•  AES (advanced encryption standard) 
•  Blowfish 
•  3DES 
When you lock and unlock the device, the HP iPAQ encrypts and decrypts the data using whichever 
algorithm is chosen. Since the computer must run all data through this algorithm, the 
encryption/decryption operation will take time and affect the performance of the device. 
If you have a large amount of data on your device and choose to encrypt it all, regardless of 
processor performance, it will take time to decrypt the data To improve performance, you may 
consider encrypting only the most critical data. Performance can also be improved somewhat by 
moving to weaker encryption algorithm. For instance, someone using AES for encryption can see a 
small performance improvement by changing to the Blowfish method, which is still strong but not 
quite as strong as AES. It is possible to change the encryption settings later, but this also involves a 
wait while the data is being converted from one format to the other. 
Encrypting your personal data is the best way to protect your personal information. The encryption 
process runs in the background, so you are able to perform other tasks on your HP iPAQ during this 
time. There are two methods to monitor the decryption process. To find out more about encrypting 
and decrypting data, refer to the documentation on the 
Companio
n CD or 
Getting Started
 CD that 
came with your HP iPAQ. 










