Disk encryption has been available in Windows 10 as part of the operating system for years and it is a feature called BitLocker. However, not everyone is able to use it because it is limited to the Ultimate, Pro and Business versions of the OS and not the Home editions used by many people.
Encryption is an essential security feature these days and to prevent a large sector of the Windows market from using it is surely wrong. What can you do?
The solution is to use a third party encryption utility such as VeraCrypt. This is a development of the old TrueCrypt encryption program, which came to an end a few years ago.
VeraCrypt is free and open source, and it enables you to create encrypted containers for storing files and to also encrypt the whole disk. It is probably the best free encryption tool you can use.
1 Install VeraCrypt
Go to the VeraCrypt website and download the Windows version of the software. (Linux and Mac versions are also available, although macOS has its own encryption built in, so it’s not really required.)
There are two options during installation and VeraCrypt can either be installed or extracted. I avoid installing software whenever possible and choose portable apps over installed ones.
Select the option you want. Don’t worry about the messages when the Extract option is used. It just means you have to manually run the program each time you want to use it, rather than it being available all the time.
2 Use the Tools menu
Go to the Tools menu and select Volume Creation Wizard.
3 Volume creation options
There are three options and the one we want is Encrypt a non-system partition/drive. This encrypts extra disks, not the Windows boot disk. It won’t encrypt drive C:, but it will encrypt any other drive letter.
4 Standard vs hidden volumes
Select the Standard VeraCrypt volume option. It is possible to create an encrypted disk inside an encrypted disk for extra security using the Hidden option, but for most people the Standard option is the best one.
5 Select the disk to encrypt
In the next window, click Select Device. A list of drives and partitions is displayed and you just select the one you want to encrypt. There may be more disks than you expect because Windows creates recovery partitions, there may be unused bits on the internal disk and so on. External disks plugged into USB ports are labelled as external disks.
6 Erase or keep files on the disk
Two options are presented and the top one, Create encrypted volume and format it, erases the current contents of the disk and wipes it clean.
The second option, Encrypt partition in place, keeps all the files on the disk and encrypts them. It’s up to you whether you want to erase or keep whatever is currently on the disk
7 Pick the encryption type
Several different encryption methods are available, such as AES, Serpent, Twofish, and variations of these. The default is AES and this is very secure. Just click the Next button to accept this.
8 Create a secure password
Click through the confirmation screen and then think of a password. This is often the weakest link in any type of security. Many passwords can be guessed and people make them too simple. The more complicated you make the password, the stronger the security will be.
9 Format and encrypt the disk
Before clicking the Format button, move the mouse around the VeraCrypt window. These random mouse movements are translated into random data used to encrypt the disk. Keep going until the green bar reaches the end.
Click the Format button to format the disk and encrypt it. Click the Exit button when it has finished.
10 Mount the disk for use
Although the disk can be seen in Explorer, it cannot be accessed because VeraCrypt must be used to mount it.
Click the drive letter you want to use in the list. Click Select Device. Click Mount. Enter the password.
This adds a new drive to Explorer with the drive letter you select. Any files you create or move to this drive will be encrypted. Bear in mind that when you have mounted a disk, the files are accessible, so if you leave your computer for a coffee or lunch break, someone could sit down at your computer and access your files.
The Mount button becomes Dismount and clicking it locks the encrypted disk and prevents anyone from accessing your files. Don’t forget to dismount disks when you walk away from your computer or shut it down.