As digital security gets stronger, criminals and governments may choose to go after your data by physically taking your laptop or storage device. However, thanks to encryption, it’s possible to protect yourself from this invasion of privacy. In this article, we’ll go through how to encrypt a hard drive on Windows 10, macOS and Linux.
Encrypted hard drives will make it difficult for strangers to snoop through your files. It won’t protect you from most cybercrime, but your data will be much safer with encryption, rather than lying about for anyone to read.
The Benefits of Full Disk Encryption
Full disk encryption is a way to protect your entire hard drive, keeping your files encrypted and safe from prying eyes. When you boot into your computer, it will ask you for your password or passkey, which will decrypt everything. Read our full article for a more detailed description of encryption.
You could choose to encrypt specific files, but you would need to decrypt everything individually. With this method, you could also easily miss certain temporary files, leaving holes in your data’s security. Full disk encryption won’t leave any sensitive information unprotected.
However, full disk encryption isn’t always the best protection. With access to the drive and plenty of time, a thief could guess a simple password. To prevent this, you could use a long, random password, but unless you write it down — where the criminal might find it — you could lose access to the whole disk.
The Best Hard Drive Encryption Software
Depending on the operating system you’re using, there are different options for encryption, but your computer is likely to have some form of encryption software available. These options are all solid, so we’ll be using them, although they aren’t necessarily the best encryption software if you’re willing to pay and want to encrypt only specific files.
However, the security of any software encryption is only as good as your password, so make sure you use a strong one. You can also use a flash drive as a passkey, so you don’t need to remember a complex phrase, but be sure to keep these safe. If you lose your password and recovery key, you will lose your files.
Encrypting a Hard Drive in Windows 10, Mac or Linux
Now that you have a password ready and are aware of the potential issues of encryption, we will show you how to encrypt a hard drive on each major operating system.
Hard Drive Encryption in Windows 10
Each version of Windows since 2007 has had access to BitLocker, and this is the software we’ll be using. In Windows 10, you can access this in the “system and security” section of the control panel.
To find BitLocker for Windows 10, either go into the control panel or type “encryption” into the search bar. In this window, there is an option to turn BitLocker on. Select this and wait for it to check that your computer can be encrypted.
If you have a Trusted Platform Module (TPM), a prompt will appear to tell you to restart your computer and enable the TPM for BitLocker. If you don’t have a TPM, you might receive an error unless you allow BitLocker to run without one in the local computer policy settings.
Once BitLocker has finished checking your computer without any errors, you can either create a password or a physical passkey.
Now save or print a recovery key — you will need this if you forget your password — so keep it safe. This can even be attached to a Microsoft account, although a hacker could take it if your account is compromised.
Next you have to decide if you should encrypt the whole drive or just all saved files. Both options will protect all your saved data, but if you don’t do full encryption, any deleted files that are still on the disk will be accessible.
Your next option is whether or not to use Windows 10’s new encryption method, XTS-AES. This has better security, but previous versions of Windows can’t decrypt it.
Finally, ensure that the “BitLocker system check” is enabled and follow the prompt to restart your computer. If you receive a request for your password on your next boot, you know your whole disk is encrypted and your data is safer from thieves.
How to Encrypt Your Hard Drive in Windows 10
- Find BitLocker by typing “encryption” into the search bar
- Turn BitLocker on
- Enter your password or passkey
- Save your recovery key
- Choose your preferred encryption settings
- When prompted, restart your computer
Hard Drive Encryption in MacOS
Apple usually has a pretty solid stance on user privacy, so it should be no surprise that disk encryption is built right into macOS. This program, FileVault, uses AES 128-bit encryption and a 256-bit encryption key, so it’s an effective choice for data security.
To find FileVault, open your system preferences and choose “security & privacy.” Select the second tab along the top to enter the FileVault settings.
Click on the lock in the bottom-left corner and enter your administrator details, which will allow you to edit these settings.
To set up and begin the encryption, press the button labeled “turn on FileVault,” choose how you want to store your recovery key and press continue.
Once you restart your device, FileVault will begin encrypting your files. Simply wait until the process has finished protecting your data before you continue using your Mac.
How to Encrypt Your Hard Drive in MacOS
- Find FileVault in your system preferences
- Unlock the FileVault settings
- Turn FileVault on
- Save your recovery key
- Restart and wait for FileVault to encrypt your files
Hard Drive Encryption in Linux
Encryption on Linux is a little more complicated than on Windows 10 or macOS, with no standard preinstalled program available. It is possible to encrypt a hard drive without a full wipe. However, it will require that you have available unallocated space, enable Logical Volume Management (LVM) and are willing to use the command line.
That said, most Linux distributions (including but not limited to Fedora, Ubuntu, Debian, Linux Mint and openSuse) come with an option to encrypt your drive during installation. Because Linux is relatively easy to install, you should backup your data, grab your bootable installation device and set up an encrypted Linux environment.
Most Linux distributions use Logical Volume Management on Linux Unified Key Setup — or “LVM on LUKS” for short — so you’ll get a collection of encryption options when choosing where to install your operating system.
During the installation process, choose to encrypt your hard drive, when you first see the option. This is generally around the time you’re formatting and partitioning drives.
Then choose your password and any other security measures, such as overwriting empty disk space.
Now continue the installation as normal, and after you’ve done this, recover your files from the backup.
How to Encrypt Your Hard Drive in Linux
- Backup your files and begin to install Linux as normal
- Choose the option to encrypt your drive
- Enter your password and ensure you’re happy with the other settings
- Finish the installation and recover your files
How to Encrypt an External Hard Drive
If you’re looking to keep your data safe, creating a backup with local external storage is a cheap and effective solution. There are plenty of reliable external hard drives available, but the Samsung T5 is one of the best, and it even comes with its own encryption software for extra protection.
However, most external hard drives can be encrypted if you know what you’re doing. This process is different from encrypting an internal drive, so we’ll go through how you can do this on the main three operating systems.
Encrypt an External Hard Drive on Windows 10
For the best security, you should use a good external hard drive alongside BitLocker on Windows 10. This gives you access to newer encryption methods and the best compatibility options. For example, the Samsung T5 can be moved to a Mac out of the box and has an extra encryption layer.
Before you begin the encryption, make sure you back your files up and format your drive correctly, or you risk losing data. If you’re only using Windows 10, 8 or 7, choose NTFS, although if you also want to use it on a Mac or computer using Windows Vista or XP, then exFAT and FAT32 are better choices.
Once you’re sure your drive has the right file system type, open up Windows file explorer. Then right-click on your drive name and select “turn on BitLocker.”
In the BitLocker window, choose to use a password and enter your prepared phrase.
Now save the recovery key to a file or your Microsoft account. You’ll need to keep this safe in case you forget the password.
For extra security, you can choose to encrypt any data that is deleted but not overwritten. However, this will take much longer and isn’t usually necessary.
Next, select the method used to encrypt your hard drive; “compatible mode” is ideal if you’re likely to change to a non-Windows 10 computer, but the “new mode” has greater security.
Finally, start the encryption process and remember that this might take a few minutes.
How to Encrypt an External Hard Drive on Windows 10
- In file explorer, right-click your external hard drive
- Select “turn on BitLocker”
- Enter your password
- Save your recovery key
- Choose your preferred encryption settings
- Wait for BitLocker to finish encrypting your files
Encrypt an External Hard Drive on Mac
On a mac, encrypting your external drive is just as easy as an internal one. The only issue you’re likely to encounter is if the drive isn’t formatted correctly, so pick one of the best external hard drives for Mac, such as the Samsung T5.
First, plug in your hard drive and check its file system is appropriate. Then open up Finder and right-click on the disk you want to encrypt.
Now, select the option to encrypt it. This will open up an overlay asking for a password.
Enter your password and start the encryption process. Don’t lose this password, as Apple doesn’t create a recovery key for external drives.
You will know it’s done when the disk is automatically unmounted and then remounted. To mount it after this, you will need your password.
How to Encrypt an External Hard Drive on MacOS
- Open Finder and right-click your drive
- Select the option to encrypt it
- Enter your password and begin the encryption
- Wait for the encryption to finish
Encrypt an External Hard Drive on Linux
External hard drive encryption on Linux is possible in the terminal. However, given the potential for something to go wrong, you’re better off using software with a GUI and walkthrough.
Since it’s discontinuation a few years back, alternatives to TrueCrypt have become more mainstream. One of the best among these, VeraCrypt, still has excellent Linux support, so we’ll be using it here. You can read more about what this application can do in our full VeraCrypt review.
To prepare your drive for encryption, you’ll need to backup any data because the encryption process will format it. If you’re not sure which drive to use, most external hard drives with 2TB or less should work fine.
To begin to encrypt your disk, plug it in and open up VeraCrypt. Then select an empty slot and click “create volume” to open the encryption window.
For the first two options in the volume creation wizard, the defaults will be fine. Then you can select your disk or partition. If you don’t know which one to choose, use the total storage space as a guide.
Continue with the default encryption options and enter your password when prompted.
If you need to store large files, choose the option to do so now. If you aren’t sure, it’s best to go with it just in case. Then, change your formatting options to either Ext4 if you only use Linux, NTFS for compatibility with Windows computers or exFAT to use the drive on almost any computer.
Now choose to enable cross-platform support and continue to the “volume format” page. Here, you need to move your mouse randomly until you fill the first bar, then press “format.” This adds security by creating an encryption key that’s harder to guess.
Once VeraCrypt has finished, you can mount the drive by selecting an empty slot, clicking “select device,” choosing the encrypted drive and pressing “mount.”
How to Encrypt an External Hard Drive on Linux
- Plug in your drive and open VeraCrypt
- Choose an empty slot and click “create volume”
- Go through the encryption window and choose your settings
- When asked to choose your disk, select it based off the total space
- After a few more settings, enter your password
- Then select the option for large files and choose the filesystem type
- Now mount the drive in VeraCrypt and enter your password
Having a laptop or hard drive stolen is stressful, but with encryption, you can keep your data safe. Even if you have an obscure piece of hardware or an uncommon operating system, encryption has never been a more accessible form of security.
However, encryption can only protect you from physical threats, and you may still be vulnerable to other forms of cybercrime. With the security of a good antivirus, VPN and cloud backup in place, you can protect yourself from the countless criminals, companies and governments that want your data. You can also keep your data safe from accidental deletion by using the 3-2-1 backup rule.
In case you need it, we also have a guide on how to wipe a hard drive.
Have you tried encrypting hard drives before? How did it go? Let us know your thoughts in the comments below. Thanks for reading.
- Full disk encryption is a way of protecting your files by scrambling all of the data. This encrypted file can only be decrypted and read by someone with the correct password or passkey. Often, all files will be encrypted when you log off, and everything decrypted upon logging in, so your computer isn’t significantly slowed down.