We tell you how to encrypt your hard drive and the data on it so that intruders do not gain access to them.
Hard disk encryption protects all files at once. To use a computer with an encrypted hard drive, you must enter a password or other key when logging in, otherwise the data on the drive will not be accessible.
This kind of encryption is good as a first line of defense. If someone steals your laptop or removes a drive from one of the servers, they will need to crack the hard drive’s encryption to gain access to the device.
With this type of protection, you can also use folder-level encryption and single-file encryption.
BitLocker Device Encryption is Microsoft’s full disk encryption tool and is built into Windows 10 Pro and Enterprise.
BitLocker has several drawbacks:
- If BitLocker Device Encryption was not pre-installed on your computer, installation and configuration can be difficult. The Microsoft site has a list of devices with Bitlocker preinstalled;
- On different devices, the functions of Bitlocker may differ, it all depends on your motherboard;
- As mentioned earlier, BitLocker only works with Windows 10 Professional and Enterprise.
There is an alternative programVeraCrypt, which does not have these disadvantages:
- Installing VeraCrypt is much easier than BitLocker;
- VeraCrypt is independent of your computer components;
- VeraCrypt works on any version of Windows 10.
VeraCrypt is free and open source (FOSS). Without getting into the "open source vs. closed source" debate, from our point of view, FOSS software is generally considered to be more secure. Besides, it’s free. Once VeraCrypt is installed, all you need to do is enter your password every time you start your computer.
With all this in mind, in the next paragraph we will explain how to install VeraCrypt.
How to Install VeraCrypt to Encrypt Your Hard Drive in Windows 10
While installing VeraCrypt is much easier than installing Bitlocker, it’s not all that easy. If you do something wrong, there is a chance of losing files or even access to the entire disk.
We advise you to read the instructions before starting the installation. If you are not sure that you can do everything right, or are afraid of losing your password, then it is better not to use this type of encryption.
Installation instructions for VeraCrypt for Windows 10:
- You will need a USB flash drive for VeraCrypt Disk Emergency Recovery. Take your USB drive and format it to FAT or FAT32 so it’s ready when you need it.
- You will also need a program that can unpack the archives. We recommend 7-zip, it’s free and open source.
- Go toVeraCrypt download page and find the installer for Windows.
- Run the installation of VeraCrypt, leave all items as default. In the first window, you can select the installation language, there is Russian.
- After a while, the message "VeraCrypt installed successfully" will appear.
- Click "OK" and then "Finish" to complete the installation. VeraCrypt will show a message like the screenshot below.
- If you have not worked with VeraCrypt, it is better to go through this tutorial. Click "Yes" to view the guide or "No" to skip it. In any case, we will show you the rest of the steps.
- Launch VeraCrypt. Select the "System" menu, then "Encrypt system partition/drive".
- The Veracrypt Volume Creation Wizard window appears. You will need to select the type of encryption – normal or hidden. The regular one simply encrypts the entire system. This is what we need, so choose it.
- The program will then ask if only the Windows system partition or the entire drive should be encrypted. If you have several partitions with important data, you can encrypt the entire drive. If you have only one partition on the disk (like we do), there will be one option – "Encrypt Windows system partition". Select this item and click Next.
- The next window is "Number of operating systems". If you have multiple operating systems, select multiboot. Otherwise, select single boot. Press "Next".
- The Encryption Options window will appear next. We recommend that you select AES for encryption and SHA-256 for hashing. Both are widely used algorithms.
- The next step is the password. It is better to choose a reliable one to protect the system from hacking. Many password managers (like Bitwarden) have password generators. Note: VeraCrypt will show a warning if the password is less than 20 characters. Press "Next".
- Next is the collection of random data. It will be necessary to drive randomly with the mouse inside the window. This increases the strength of the encryption keys. Once the indicator at the bottom of the window is full, proceed to the next step.
- Then the Generated Keys window will appear. Here you just need to click the "Next" button.
- Next, you need to create a recovery disk. Explanation in the picture below. You can skip creating a physical recovery disk, but this is dangerous. Pay attention to where VeraCrypt will store the ZIP image, then click Next.
- If you didn’t skip creating a recovery drive in the previous step, now you need to do it. VeraCrypt doesn’t tell you how to do it, but we’ll show you. Remember we asked you to find a USB drive? Insert it into your computer. Now go to the directory where VeraCrypt stores ZIP images. Use 7-zip (or other zip extractor) to extract the files from the "VeraCrypt Rescue Disk.zip" archive to the root of the USB drive. When it’s done, click "Next" to have VeraCrypt verify that the copy was correct.
- If everything went well, you will see a message box saying "Recovery drive verified". Remove the USB drive from the computer and proceed to the next step.
- The next next window will appear "Cleaning Mode" Normally, you do not need to do anything with this function. Make sure it is set to "None (fastest)" and click "Next".
- The System Encryption Pre-Test window appears. VeraCrypt will now check if encryption works on your system. The image below explains in detail what will happen. Click "Test" to see how it goes. Note that VeraCrypt will probably show you a few more warnings and such before it actually runs the test, so be prepared for that.
- If everything went well, the computer will restart and you will see a window like in the screenshot below.
VeraCrypt recommends that you back up all important files before encrypting your system. This will allow them to be restored if something serious happens in the middle of the encryption process, like a power failure or a system crash. When you’re done with that, take a deep breath and click Encrypt. VeraCrypt will show documentation worth printing. It specifies when to use the VeraCrypt Recovery Disk after encryption is complete. Then the encryption process will begin.
After that, you will need to enter the password every time you turn on the computer.
Based on Techspot.