You’ve probably heard the word “encryption” a million times before, but if you still aren’t exactly sure what it is, we’ve got you covered. Here’s a basic introduction to encryption, when you should use it, and how to set it up.
What Is Encryption?
Encryption is a method of protecting data from people you don’t want to see it. For example, when you use your credit card on Amazon, your computer encrypts that information so that others can’t steal your personal data as its being transferred. Similarly, if you have a file on your computer you want to keep secret only for yourself, you can encrypt it so that no one can open that file without the password. It’s great for everything from sending sensitive information to securing your email, keeping your cloud storage safe, and even hiding your entire operating system.
Encryption, at its core, is similar to those decoder rings you played with when you were younger. You have a message, you encode it using a secret cipher, and only other people with the cipher can read it. Anyone else just sees gibberish. Obviously, this is an incredibly simplified explanation. The encryption in your computer is far more complex—and there are different types of encryption that use multiple “decoder rings”—but that’s the general idea.
There are also different levels of security when it comes to encryption. Some types, for example, are more secure but take longer to “decode.” And few, if any, encryption methods are 100% foolproof. If you want a more thorough explainer on how encryption works, check out this article from the How-To Geek and this article from HowStuffWorks. They explain a few different kinds of encryption and how they keep you safe online.
Should I Encrypt My Files?
First of all, a short answer: yes. Things can get stolen even if you don’t share your computer. All someone needs is a few minutes in front of the keyboard to retrieve anything they want. A login password won’t protect you, either—breaking into a password-protected computer is insanely easy.
So should you encrypt your sensitive files? Yes. But it’s a bit more to it than that. You have two big choices when it comes to encryption: do you just encrypt the important stuff, or do you encrypt your entire drive? Each has pros and cons:
- Encrypting a select group of files—like the ones that contain personal information—keeps them safe without any extra complications. However, if someone had access to your computer, they could still break into it and view any non-encrypted files, access your browser, install malware, and so on.
- Encrypting your entire drive makes it difficult for anyone to access any of your data or even boot up your computer without your password. However, if you experience any corruption on your drive, it’s much less likely that you’ll be able to retrieve that data.
We generally recommend against average users encrypting their entire drive. Unless you have sensitive files all over your computer, or have other reasons for encrypting the entire thing, it’s easier to encrypt the sensitive files and call it a day. Full disk encryption is more secure, but can also much more problematic if you don’t put in the work to keep everything backed up safely (and then encrypt those backups as well).
That said, we’ll show you how to do both in this guide. and what you do is up to you. We’ll talk a bit more about each situation in their individual sections below.
How to Encrypt Individual Files or Folders with TrueCrypt
If you need to keep a few files safe from prying eyes, you can encrypt them with the free, open-source, cross-platform TrueCrypt. These steps should work on Windows, OS X, and Linux. Note that if you’re encrypting files to send them over the internet, you can also use this previously mentioned 7-Zip method.
Creating a TrueCrypt volume for your files is insanely easy—just follow TrueCrypt’s step-by-step wizard. Here’s an overview of what it entails:
- Start TrueCrypt and click the Create Volume button.
- On the first screen of the wizard, select “Create an encrypted file container.”
- On the next screen, choose “Standard TrueCrypt Volume.” If you want to create a hidden volume (to further obscure your data), read more about how it works here. We won’t cover it in this tutorial.
- On the Volume Location screen, click the Select File button and navigate to the folder in which you want to store your encrypted files. Do not select an existing file as this will delete it—instead, navigate to the folder, type the desired name of your encrypted volume in the “File Name” box, and click Save. We’ll add files to this TrueCrypt volume later.
- Choose your encryption algorithm on the next screen. AES should be fine for most users, though you can read up on the other options if you so chose. Remember: Some options might be more secure, but slower than others.
- Choose the size of your volume. Make sure it has enough space to fit all your files, and any files you may want to add to it later.
- Choose a password to protect your files. Remember, the stronger your password, the safer your files will be. Make sure you remember your password, because if you lose it, your data will be inaccessible.
- On the next screen, follow the instructions and move your mouse around randomly for a bit. This will ensure TrueCrypt’s generates a strong, random key. Then click Next to continue with the wizard.
- Choose a filesystem for your encrypted volume. If you’re storing files over 4GB inside, you’ll need to choose NTFS. Click Format to create the volume.
To mount your volume, open up TrueCrypt and click the “Select File” button. Navigate to the file you just created. Then, select an open drive letter from the list and click the Mount button. Type in your password when prompted, and when you’re done, your encrypted volume should show up in Windows Explorer, as if it were a separate drive. You can drag files to it, move them around, or delete them just like you would any other folder. When you’re done working with it, just head back into TrueCrypt, select it from the list, and click Dismount. Your files should stay safely hidden away.
How to Encrypt Your Entire Hard Drive on Windows with TrueCrypt
The process of encrypting your entire hard drive isn’t that different from encrypting individual files and folders (though TrueCrypt can only do this in Windows). Once again, the process is quite simple thanks to TrueCrypt’s step-by-step wizard. Here’s what you need to do:
- Start TrueCrypt and click the Create Volume button.
- On the first screen of the wizard, select “Encrypt the System Partition or Entire System Drive.”
- On the next screen, choose “Normal.” If you want to create a hidden operating system (to further obscure your data), read more about how it works here. We won’t cover it in this tutorial.
- Next, choose “Encrypt the Whole Drive.” This should work for most people, though if you have other partitions on your drive that you don’t want encrypted, you may want to choose the first option instead.
- When asked to encrypt the Host Protected Area, we recommend choosing No, unless you have any specific reason to.
- If you only have one operating system installed on your computer, choose “Single-Boot” at this next prompt. If you aren’t sure, you’re probably using a single-boot setup. If you’re dual booting (say, with Linux or another version of Windows), choose “Multi-Boot.”
- Choose your encryption algorithm on the next screen. AES should be fine for most users, though you can read up on the other options if you so chose. Remember: Some options might be more secure, but slower than others.
- Choose a password to protect your files. Remember, the stronger your password, the safer your files will be. Make sure you remember your password, because if you lose it, your computer will be unbootable, and your data will be lost.
- On the next screen, follow the instructions and move your mouse around randomly for a bit. This will ensure TrueCrypt’s generates a strong, random key. Then click Next to continue with the wizard.
- Next, select a location for a TrueCrypt Rescue Disk, which will help you save your data if the bootloader, master key, or other important data gets corrupted. Give it a file name and save it.
- Once you’ve saved the file (in ISO format), you’ll have the option to burn it to a CD or DVD. Do this now (using either Windows’ built-in tools or a program like ImgBurn) before you continue. Click Next when you’ve finished burning the disc (and keep the disc in a safe place!).
- Choose a Wipe Mode for your data. “None” is the fastest, but if you want to ensure that your data is as secure as possible, choose one of the other options (3- or 7-pass is probably fine).
- Run the System Encryption Pretest on the next screen. You’ll need to restart your computer and enter your new TrueCrypt password when prompted.
- If the test runs successfully, you’ll get the option to begin encrypting your drive. Let it run—it’ll probably take awhile (especially if you have a large drive).
That’s it. From now on, when you start up your computer, you’ll need to enter your TrueCrypt password before you boot into Windows. Make sure you don’t forget your password or lose that recovery disc—if you do and something goes wrong, you won’t be able to boot into your computer, and you’ll lose all your data.
How to Encrypt Your Entire Hard Drive on OS X with FileVault
OS X has a built-in encryption tool called FileVault, and it’s incredibly easy to set up. All you need to do is:
- Head to System Preferences > Security & Privacy > FileVault.
- Click the lock in the bottom left-hand corner of the window to make changes. Type in your password when prompted.
- Click the Turn on FileVault button. Copy down your recovery key and store it in a safe place (preferably not on your computer—somewhere physically secure like a safe). We don’t recommend storing it with Apple.
- Restart your computer when prompted.
When you boot back up, OS X will begin encrypting your disk, and your computer will probably run a little slowly while it goes. It could take an hour or more, depending on how big your hard drive is.
Alternative Tools
TrueCrypt has long been one of the most popular encryption tools out there, and it’s one of the easiest to set up. It isn’t the only option, however. As we mentioned earlier, 7-Zip is also a great way to encrypt your files, as is BitLocker, which comes with the Pro version of Windows 8 (or the Enterprise and Ultimate versions of Windows 7). Check out our Hive Five on encryption tools for a comparison of some of the more popular alternatives if you want to try them out.
Final Words
As we mentioned at the beginning, encryption is not 100% foolproof—but it’s better than leaving your files out in the open. Remember what encryption can’t do—it can’t secure your drive if it’s infected with malware, if you leave it turned on in public spaces, or if you’re using a weak password. Even if you put your computer to sleep, it’s possible an experienced hacker could recover sensitive data from your computer’s RAM. Don’t let encryption lure you into a false sense of security: it’s just one layer of the security process.
Lastly, remember that this is just a beginner’s guide to what encryption is and how it works. There’s a lot more beyond basic encryption of files and folders, like transferring encrypted data to your friends, securing your email with PGP, encrypting your Dropbox, or creating a decoy operating system to further obscure your information. Now that you know the very basics, don’t be afraid to branch out and learn more about encryption and what you can do to secure your data. Good luck!
Leave a Reply