Most of us use a password on our computers, files, and folders to protect against unauthorized access. However, password protection does not guarantee the safety of data.
So, to prevent data theft, encrypting the hard drive is the best option. While Encryption also uses a password for protection, it adds up the security by scrambling all the data inside a file and changing them into cipher codes. So, even if someone finds the file, they won’t be able to make sense of the data without the encryption key.
Encrypting a Harddrive in Windows
You have several options to encrypt the hard drive, such as the built-in BitLocker or other third-party tools in Windows. Let’s discuss the stepwise process to add the encryption using both methods here.
BitLocker has been incorporated into Windows OS since the time of Windows Vista. It now has much-improved security algorithms.
When you lock your drive with BitLocker, it encrypts all the files, and you will require the security password or recovery key to decrypt and access those data. It employs an AES encryption type with 128 or 256-bit keys algorithm for protection.
Let’s move on to keep your drive encrypted using BitLocker.
- Open Windows Explorer by pressing Windows + ‘E’.
- Click on This PC or Computer to list the drives on your system.
- Right-click on the drive and select Turn on BitLocker.
- Select Use a password to unlock the drive. It may not be usual for everyone to possess a Smart card.
- Set a strong password of at least 8 characters and click Next.
- Save the recovery key to the location of your choice. We recommend you save it in atleast two different locations in case you cannot access one of them. You will lose all your data if you forget your password and the recovery key.
- Select either Encrypt used disk space only or Encrypt entire drive, depending upon your requirement. The option to encrypt the used disk space only is faster and encrypts all the files available currently and any added in the future. Both options are secure.
- Select the Encryption mode and click Next.
- Finally, click on Start Encrypting.
- Once the encryption completes, restart your PC.
If you do not find the Turn on BitLocker feature in the context menu of the drive (in the case of earlier Windows versions), you can do this through Control Panel.
- Press Windows + ‘R’ and enter
controlto navigate to the Control Panel.
- Select View by Small Icons.
- Find BitLocker Drive Encryption and click on it. In some OS, you may find it inside System and Securities.
- Click on Turn on BitLocker on the right side of the drive you want to lock.
- Here onwards, follow the same instructions mentioned in and after Step 5 above.
Using Third-Party Tools
You can also use several reliable third-party freeware applications that can encrypt your drive with the highest security if you do not find BitLocker secure. Some of them are TrueCrypt, AESCrypt, VeraCrypt, and so on.
Here, we are going to provide the steps to encrypt the drive using an open-source application, VeraCrypt, for demonstration.
To Encrypt Non-System Partition
- Download the VeraCrypt Installer file and Install it accordingly on your system.
- Run VeraCrypt on your PC.
- Click on Create Volume.
- Choose Encrypt a non-system partition/drive. It is used to encrypt the partition without the operating system, external drive, USB flash drive, etc.
- Select Standard VeraCrypt volume or Hidden VeraCrypt volume by reading the information given there.
- To select Volume, click on Select Device and choose the respective partition that you want to protect.
- Click Next.
- Now, choose Encrypt partition in place. Selecting Create encrypted volume and format it will remove all the data in the drive.
- Leave the Encryption Algorithm and Hash to default and click Next.
- Set a strong Password.
- Move your mouse to improve randomness in the encryption process, and click Next.
- Choose the Wipe mode, and finally, click Encrypt.
- Select Yes in the confirmation window.
To Encrypt a System Partition
If you are trying to encrypt the drive containing the Operating System, the process is a little different.
- Follow the same process up to step 3 mentioned above,
- Choose Encrypt the system partition or the entire system drive.
- Select Encrypt the Windows system partition.
- Choose either Single-boot or Multi-boot depending on the number of OS on the drive.
- Choose the Encryption method and set Password.
- When you reach the Rescue Disk stage, check the Skip Rescue Disk verification. This will create a rescue disk automatically for safety purposes.
- Now, copy the rescue disk image created to a USB flash drive or another unencrypted drive and click Next. You will not be able to move forward unless you copy the file somewhere safe. If any error appears even after copying the image file, reinsert the USB drive and copy the rescue disk image again.
- Now continue according to the instruction mentioned earlier.
It will take seconds to a few minutes to complete the process. You cannot access the encrypted drive yet, as it is hidden and unmounted. So, to access the encrypted drive,
- Run VeraCrypt again.
- Click on Select Device.
- Select the Partition you just encrypted and click OK.
- Choose a random unused Drive letter from the list.
- Click on Mount. Alternatively, you can select Auto-Mount Devices to mount all encrypted drives at once.
- Enter the password and press OK.
After the drive is mounted, you can now access it from File explorer normally. For security purposes, once your work is completed, you can click on Dismount All to hide the drive again.
Decrypting an Encrypted Drive
Once you are free from security threats or you want to remove the encryption, you can easily decrypt the drive.
You can turn off the protection in the drive to decrypt it completely.
- Open Control Panel and navigate to BitLocker Drive Encryption.
- Click on Unlock Drive for the encrypted one.
- Enter the password or recovery key to unlock it.
- Now, click on Turn off BitLocker and follow the instruction.
The encryption will be removed from the drive.
For Third-party Applications
Every application has its own way of decrypting the drive. However, the general steps are usually the same. You will have to select the drive within the application, enter the password to unlock the drive, find the Decrypt option, and click on it. After a short while, your drive will be free of encryption.