How to Encrypt Your Hard Drive for Free

Securing computer data through encryption software has become an obvious necessity for many businesses and individuals who have sensitive information on their laptop or USB flash drive. Unfortunately, many people do not encrypt their data because they are too lazy or think that data theft will not happen to them. A lot of people just feel like they don’t have anything important stored on their computer and that’s why they don’t need encryption.

Whatever your reason, encrypting your data is very important. Whether you think you’re storing important data on your computer or not, there are hackers who would love to browse your files, images, and data to do damage, such as identity theft. Even something as innocuous as photos can be used in very bad ways if they’re in the wrong hands.

Encrypting your hard drive in Windows and OS X is now a fairly simple and straightforward process that just about anyone can do, so there’s no need to expose yourself to potential attacks. In this article, I’ll go through using BitLocker on Windows and FileVault on OS X to encrypt your data.

Earlier I had written about using a program called TrueCrypt, but it appears that the project has been halted for various reasons. The program used to be one of the most popular programs for encrypting your hard drive, but now that it’s no longer supported, we don’t recommend using it. The TrueCrypt team even recommends using BitLocker, as it can do pretty much everything TrueCrypt was capable of.

BitLocker on Windows

In Windows Vista, Windows 7, and Windows 8, you can enable drive encryption by enabling BitLocker. Before we get into how to enable BitLocker, there are a few things you should know first:

1. BitLocker works on the Ultimate and Enterprise editions of Windows Vista and Windows 7 and on the Pro and Enterprise editions of Windows 8 and Windows 8.1.

2. There are three authentication mechanisms in BitLocker: TPM (Trusted Platform Module), PIN and USB key. For the greatest security, you’ll want to use TPM plus a PIN. The PIN is a password that must be entered by the user before the boot process.

3. Older computers that do not support TPM can only use the USB key authentication mechanism. This is not as secure as using TPM with a PIN, TPM with a USB key, or TPM with both a PIN and a USB key.

4. Never print a backup key on paper and keep it somewhere. If anyone, even the police, can access that paper, they can decrypt your entire hard drive.

Now let’s talk about actually enabling BitLocker. Open Control Panel in Windows and click BitLocker Drive Encryption.

You will see a list of all your partitions and drives on the main screen. To get started, all you need to do is click Turn On BitLocker.


If you have a newer computer with a processor that supports TPM, you’re good to go and the process begins. If not, you will get the following error message: “A compatible Trusted Platform Module (TPM) security device must be present on this computer, but no TPM was found.” To fix this, read my previous post about this TPM issue when enabling BitLocker.


After following the directions in that message, you should be able to click Enable BitLocker again and the error message should not appear. Instead, the BitLocker Drive Encryption setup will start.


Go ahead and click Next to get started. The installation basically prepares your drive and then encrypts it. To prepare the disk, Windows needs two partitions: a small system partition and an operating system partition. It will tell you this before it starts.


You may need to wait a few minutes while the C drive is shrunk first and the new partition is created. After it is completed, you will be prompted to restart your computer. Go ahead and do that.

After Windows restarts, the BitLocker installation should automatically appear with a checkmark next to the disk configuration. Click Next to start the actual encryption of the hard drive.


On the next screen, you can choose your BitLocker security options. If you don’t have TPM installed, you can’t use a PIN to boot, just a USB key.


You will be prompted to insert a USB stick and the startup key will be saved there. Next, you also need to create a recovery key. You can save it to a USB drive, save it to a file, or print it. It is best not to print it.


After this, you will finally be asked if you are ready to encrypt the hard drive, which will require a reboot.


If all goes well and Windows is able to read the encryption keys from your USB stick or from the TPM, you should see a dialog box indicating that the drive is being encrypted.


Once complete, your data is now securely encrypted and cannot be accessed without your keys. Again, it’s important to note that using BitLocker without TPM is a lot less secure and even if you’re using TPM you’ll need to use it with a PIN or with a USB key or with both to be truly protected.
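To confirm the result of the wizard against the points above (encryption actually finished, TPM combined with a PIN or USB key, a recovery key in place), here is an added PowerShell check; it is not part of the original article. It uses the Get-Tpm and Get-BitLockerVolume cmdlets, which are available on Windows 8 / 8.1 and later (not Vista or 7), assumes the OS volume is the drive to audit, and must be run from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): audit the OS drive against the
# article's advice. Needs the BitLocker cmdlets of Windows 8 / 8.1 or later.

$mount = $env:SystemDrive   # assumption: the OS volume is the one to check
$tpm   = Get-Tpm
$vol   = Get-BitLockerVolume -MountPoint $mount
# Names of all key protectors on the volume, e.g. Tpm, TpmPin, RecoveryPassword
$types = @(foreach ($kp in $vol.KeyProtector) { "$($kp.KeyProtectorType)" })

$findings = @()

if ($vol.VolumeStatus -ne 'FullyEncrypted') {
    $findings += "Encryption not finished: $($vol.VolumeStatus), $($vol.EncryptionPercentage)%."
}
if ($vol.ProtectionStatus -ne 'On') {
    $findings += 'Protection is off or suspended, so the volume key is not protected.'
}

# Rank the startup protector the way the article does.
if ($types -contains 'TpmPin' -or $types -contains 'TpmPinStartupKey') {
    $startup = 'TPM + PIN (the option the article recommends)'
} elseif ($types -contains 'TpmStartupKey') {
    $startup = 'TPM + USB startup key'
} elseif ($types -contains 'Tpm') {
    $startup = 'TPM only'
    $findings += 'TPM-only unlock: add a PIN or a USB startup key.'
} elseif ($types -contains 'ExternalKey') {
    $startup = 'USB key only (no TPM protector)'
    $findings += 'USB-key-only unlock is less secure than TPM with a PIN or USB key.'
} else {
    $startup = 'none found'
    $findings += 'No startup key protector is configured.'
}

if ($types -notcontains 'RecoveryPassword') {
    $findings += 'No recovery password protector: a lost PIN or USB key means lost data.'
}

# One summary object; an empty Findings list means the setup matches the advice.
[pscustomobject]@{
    MountPoint = $vol.MountPoint
    TpmPresent = $tpm.TpmPresent
    TpmReady   = $tpm.TpmReady
    Startup    = $startup
    Protectors = $types -join ', '
    Findings   = $findings
}
```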

It is also worth noting that while you are logged in, the keys are stored in RAM. Putting your computer to sleep can allow the keys to be stolen by smart hackers, so you should always shut down your computer when you’re not using it. Now let’s talk about FileVault in OS X.

FileVault in OS X

FileVault in OS X provides the same functionality as BitLocker in Windows. You can encrypt the entire drive and a separate boot volume is created to store user authentication information unencrypted.

To use FileVault, go to System Preferences and click Security & Privacy.


Now click on the FileVault tab and click the Enable FileVault button. If the button is disabled, you will need to click the little yellow lock at the bottom left of the dialog box and enter your system password to make changes.


Now you will be asked where you want to save your recovery key. You can store it in iCloud or you can get a recovery key code and then keep it in a safe place. I’d strongly advise against using iCloud, even if it’s easier, because if law enforcement or a hacker needs to break into your computer, all they need to do is access your iCloud account to remove the encryption.


Now you will be prompted to restart your computer, and when you log in to OS X again, the encryption process will begin. You can go back to Security & Privacy to see the progress of the encryption. You should expect computer performance to be slightly affected, in the range of 5 to 10% slower. If you have a new MacBook, the impact may be less.

As mentioned, all full disk encryption can still be hacked because the keys are stored in RAM while you are logged in. You should always shut down the computer instead of putting it to sleep and you should always disable automatic login. In addition, using a pre-boot PIN or password will give you the most security and will make it extremely difficult for even technical forensic experts to crack your hard drive. If you have any questions, post a comment. Enjoy!
