Encrypt a Hard Drive - Windows, Mac & External HDDs

If you want to protect your data against prying eyes, the best bet is encrypting your entire hard drive, rather than individual files or folders. Whether on macOS or Windows, a number of useful tools are available, and below, we'll let you know what these are and how to use them.

If a thief breaks into your apartment and makes off with your laptop, it won't take long before they'll be browsing its contents. It's a common misconception, but password-protected Windows accounts actually only offer a limited amount of security; should a thief remove your hard drive and connect it to another computer, they'll be able to access everything on it no matter how strong your password was.

The same fate can befall external hard drives and USB sticks, should they come into the wrong hands. If you lose your flash drive, for example, whoever finds it gains access to all of the data on it. For this reason, hard drives and mobile storage devices of all shapes and sizes should be encrypted.

Encryption algorithms rely on so-called cryptographic keys, which change plain text into encrypted text. In this manner, data is repackaged as numbers, which are converted back to their original form so long as the correct password is input. Guessing or brute-force won't offer much help in breaking the key since for the default algorithm (AES 256), there are 2^256 possible combinations. Even the most powerful computer would require billions of years to try that many.

BitLocker can be used to encrypt an entire drive or partition, relying on the so-called Trusted Platform Module (TPM). This is a chip that comes pre-installed with most new computers and laptops.

Should your entire hard drive by encrypted, Windows will prompt you for the key when booting up. In the event that you lose this password, you can regain access through a recovery key.

BitLocker offers users the choice of the following encryption algorithms, with the number of bits corresponding to the key's length:

To check whether your computer or laptop has a TPM chip, go to the Windows menu and follow Settings > Device Manager > Security Devices. Should a TPM chip be present, it will be listed here as "Trusted Platform Module 2.0".

In the event that your computer or laptop doesn't have a TPM chip, you can still encrypt your hard drive with BitLocker, however, you'll need a USB stick with a startup key to access it.

1. Click on Start, type "BitLocker" in the search field, and press enter.

2. A window, Bitlocker Drive Encryption should open (see the screenshot below). Click on Turn On BitLocker for the drive you'd like to encrypt. Starting with Windows 10, it's possible to encrypt only used storage space, saving time. The only downside is that this isn't as secure as encrypting the entire drive.

3. Specify where the recovery key should be saved. You can store it in your Microsoft account, print it, or save it to a USB stick. The last option is the safest since it means that the key won't be located remotely, but rather, on your hardware. To err on the side of caution, we also recommend printing out a hard copy of the key.

4. Select the encryption mode. New is recommended for internal drives, while Compatible is the best option for external devices.

5. Confirm your selection by clicking on Next and BitLocker will encrypt the drives you've specified. You'll know it has completed the process when your computer restarts.

Advantages of using BitLocker

Disadvantages of BitLocker

In contrast to Windows, iMac Pros and other Mac hard drives are encrypted by default with a T2 chip since OS X 10.10 Yosemite (2014). FileVault only allows decryption to commence after the correct password has been input, while also providing a number of additional security features to Mac users.

FileVault utilizes the XTS-AES-128 encryption algorithm with a 256-bit key. In addition to internal drives, this allows external ones to be encrypted as well.

1. Open the Apple menu and go to System Settings > Security.

2. Click on FileVault.

3. Confirm by clicking on Activate FileVault.

4. Next, select how the drive should be unlocked in the event that you lose the key, either through a recovery key or by accessing your password-protected iCloud account.

Advantages of FileVault

VeraCrypt, a piece of open-source software based around the TrueCrypt algorithm, is one of the most well-known third-party encryption programs out there. In 2020, the Fraunhofer Institute confirmed that VeraCrypt's encryption algorithm had no significant weaknesses. Beyond that, the program makes it possible to decrypt data encrypted on Macs on Windows and vice versa.

The program encrypts internal and external drives, as well as folders using the TrueCrypt algorithm, supporting Windows, Linux, and macOS. Only after the correct password has been input will it display the virtual drives it has encrypted, and even then, it's possible to add hidden drives within the encrypted container, boosting security even further.

1. Download the software, extract its files, and install them on your computer.

2. In order to create a virtual drive, launch the software and click in the bottom left on Create Volume > Encrypt a System Partition or Drive. Select the desired drive.

3. From the three options, choose Create an encrypted file container.

4. Choose an encryption algorithm. We recommend AES, since it offers both speed and security.

5. Once you've confirmed your selection, VeraCrypt will encrypt the drive you've selected and store the files you've specified in the appropriate container, which will appear as an additional drive. Simply disconnect this drive, and the files will be encrypted, requiring a password to be unlocked or accessed again.

Advantages of VeraCrypt

Disadvantages of VeraCrypt

Encrypting your hard drive is the best way to protect your files from unauthorized access, theft, and loss. With BitLocker, Windows provides a secure and efficient piece of software, however, only for its Professional and Enterprise users. All Mac users can take advantage of FIleVault, that operating system's counterpart to BitLocker. The free option, VeraCrypt, offers a solution compatible with multiple operating systems, but also one which requires a bit more time to get used to.