How to Encrypt Your Hard Drive in 2020

Robin Barber
By Robin Barber (Writer)
— Last Updated: 2020-07-22T08:13:20+00:00


As digital security gets stronger, criminals and governments may choose to go after your data by physically taking your laptop or storage device. However, thanks to encryption, it’s possible to protect yourself from this invasion of privacy. In this article, we’ll go through how to encrypt a hard drive on Windows 10, macOS and Linux.

Encrypted hard drives will make it difficult for strangers to snoop through your files. It won’t protect you from most cybercrime, but your data will be much safer with encryption, rather than lying about for anyone to read.

The Benefits of Full Disk Encryption

Full disk encryption is a way to protect your entire hard drive, keeping your files encrypted and safe from prying eyes. When you boot into your computer, it will ask you for your password or passkey, which will decrypt everything. Read our full article for a more detailed description of encryption.

You could choose to encrypt specific files, but you would need to decrypt everything individually. With this method, you could also easily miss certain temporary files, leaving holes in your data’s security. Full disk encryption won’t leave any sensitive information unprotected.

However, full disk encryption isn’t always the best protection. With access to the drive and plenty of time, a thief could guess a simple password. To prevent this, you could use a long, random password, but unless you write it down — where the criminal might find it — you could lose access to the whole disk.

The Best Hard Drive Encryption Software

Depending on the operating system you’re using, there are different options for encryption, but your computer is likely to have some form of encryption software available. These options are all solid, so we’ll be using them, although they aren’t necessarily the best encryption software if you’re willing to pay and want to encrypt only specific files. 

However, the security of any software encryption is only as good as your password, so make sure you use a strong one. You can also use a flash drive as a passkey, so you don’t need to remember a complex phrase, but be sure to keep these safe. If you lose your password and recovery key, you will lose your files.

Encrypting a Hard Drive in Windows 10, Mac or Linux

Now that you have a password ready and are aware of the potential issues of encryption, we will show you how to encrypt a hard drive on each major operating system.

Hard Drive Encryption in Windows 10

Each version of Windows since 2007 has had access to BitLocker, and this is the software we’ll be using. In Windows 10, you can access this in the “system and security” section of the control panel.

To find BitLocker for Windows 10, either go into the control panel or type “encryption” into the search bar. In this window, there is an option to turn BitLocker on. Select this and wait for it to check that your computer can be encrypted.

Windows_Internal_Bitlocker_Check_Drive

If you have a Trusted Platform Module (TPM), a prompt will appear to tell you to restart your computer and enable the TPM for BitLocker. If you don’t have a TPM, you might receive an error unless you allow BitLocker to run without one in the local computer policy settings.

Once BitLocker has finished checking your computer without any errors, you can either create a password or a physical passkey.

Windows_Internal_Bitlocker_Password

Now save or print a recovery key — you will need this if you forget your password — so keep it safe. This can even be attached to a Microsoft account, although a hacker could take it if your account is compromised.

Windows_Internal_Bitlocker_Recovery_Key

Next you have to decide if you should encrypt the whole drive or just all saved files. Both options will protect all your saved data, but if you don’t do full encryption, any deleted files that are still on the disk will be accessible.

Windows_Internal_Bitlocker_Select_Part_Drive

Your next option is whether or not to use Windows 10’s new encryption method, XTS-AES. This has better security, but previous versions of Windows can’t decrypt it.

Windows_Internal_Bitlocker_Encrypt_Method

Finally, ensure that the “BitLocker system check” is enabled and follow the prompt to restart your computer. If you receive a request for your password on your next boot, you know your whole disk is encrypted and your data is safer from thieves.

Windows_Internal_Bitlocker_Password_On_Restart

How to Encrypt Your Hard Drive in Windows 10

  1. Find BitLocker by typing “encryption” into the search bar
  2. Turn BitLocker on
  3. Enter your password or passkey
  4. Save your recovery key
  5. Choose your preferred encryption settings
  6. When prompted, restart your computer


Hard Drive Encryption in MacOS

Apple usually has a pretty solid stance on user privacy, so it should be no surprise that disk encryption is built right into macOS. This program, FileVault, uses AES 128-bit encryption and a 256-bit encryption key, so it’s an effective choice for data security.

To find FileVault, open your system preferences and choose “security & privacy.” Select the second tab along the top to enter the FileVault settings. 

Mac_Internal_Filevault_Locked

Click on the lock in the bottom-left corner and enter your administrator details, which will allow you to edit these settings.

Mac_Internal_Filevault_Unlocked

To set up and begin the encryption, press the button labeled “turn on FileVault,” choose how you want to store your recovery key and press continue. 

Mac_Internal_FileVault_Recovery_Key

Once you restart your device, FileVault will begin encrypting your files. Simply wait until the process has finished protecting your data before you continue using your Mac.

How to Encrypt Your Hard Drive in MacOS

  1. Find FileVault in your system preferences
  2. Unlock the FileVault settings
  3. Turn FileVault on
  4. Save your recovery key
  5. Restart and wait for FileVault to encrypt your files 


Hard Drive Encryption in Linux

Encryption on Linux is a little more complicated than on Windows 10 or macOS, with no standard preinstalled program available. It is possible to encrypt a hard drive without a full wipe. However, it will require that you have available unallocated space, enable Logical Volume Management (LVM) and are willing to use the command line.

That said, most Linux distributions (including but not limited to Fedora, Ubuntu, Debian, Linux Mint and openSuse) come with an option to encrypt your drive during installation. Because Linux is relatively easy to install, you should backup your data, grab your bootable installation device and set up an encrypted Linux environment.

Most Linux distributions use Logical Volume Management on Linux Unified Key Setup — or “LVM on LUKS” for short — so you’ll get a collection of encryption options when choosing where to install your operating system.

During the installation process, choose to encrypt your hard drive, when you first see the option. This is generally around the time you’re formatting and partitioning drives.

Linux_Internal_Option_To_Encrypt

Then choose your password and any other security measures, such as overwriting empty disk space.

Linux_Internal_Encryption_Password

Now continue the installation as normal, and after you’ve done this, recover your files from the backup.

How to Encrypt Your Hard Drive in Linux

  1. Backup your files and begin to install Linux as normal
  2. Choose the option to encrypt your drive
  3. Enter your password and ensure you’re happy with the other settings 
  4. Finish the installation and recover your files


How to Encrypt an External Hard Drive

If you’re looking to keep your data safe, creating a backup with local external storage is a cheap and effective solution. There are plenty of reliable external hard drives available, but the Samsung T5 is one of the best, and it even comes with its own encryption software for extra protection.

However, most external hard drives can be encrypted if you know what you’re doing. This process is different from encrypting an internal drive, so we’ll go through how you can do this on the main three operating systems.

Encrypt an External Hard Drive on Windows 10

For the best security, you should use a good external hard drive alongside BitLocker on Windows 10. This gives you access to newer encryption methods and the best compatibility options. For example, the Samsung T5 can be moved to a Mac out of the box and has an extra encryption layer.

Before you begin the encryption, make sure you back your files up and format your drive correctly, or you risk losing data. If you’re only using Windows 10, 8 or 7, choose NTFS, although if you also want to use it on a Mac or computer using Windows Vista or XP, then exFAT and FAT32 are better choices. 

Once you’re sure your drive has the right file system type, open up Windows file explorer. Then right-click on your drive name and select “turn on BitLocker.”

Windows_External_Bitlocker_Turn_On

In the BitLocker window, choose to use a password and enter your prepared phrase.

Windows_External_Bitlocker_Enter_Password

Now save the recovery key to a file or your Microsoft account. You’ll need to keep this safe in case you forget the password.

Windows_External_Bitlocker_Recovery_Key

For extra security, you can choose to encrypt any data that is deleted but not overwritten. However, this will take much longer and isn’t usually necessary. 

Windows_External_Bitlocker_Encrypt_Drive

Next, select the method used to encrypt your hard drive; “compatible mode” is ideal if you’re likely to change to a non-Windows 10 computer, but the “new mode” has greater security. 

Windows_External_Bitlocker_Encryption_Mode

Finally, start the encryption process and remember that this might take a few minutes.

Windows_External_Bitlocker_Encrypting

How to Encrypt an External Hard Drive on Windows 10

  1. In file explorer, right-click your external hard drive
  2. Select “turn on BitLocker”
  3. Enter your password
  4. Save your recovery key
  5. Choose your preferred encryption settings
  6. Wait for BitLocker to finish encrypting your files


Encrypt an External Hard Drive on Mac

On a mac, encrypting your external drive is just as easy as an internal one. The only issue you’re likely to encounter is if the drive isn’t formatted correctly, so pick one of the best external hard drives for Mac, such as the Samsung T5.

First, plug in your hard drive and check its file system is appropriate. Then open up Finder and right-click on the disk you want to encrypt.

Mac_External_Right_Click_Menu

Now, select the option to encrypt it. This will open up an overlay asking for a password.

Mac_External_Encrypt_Drive

Enter your password and start the encryption process. Don’t lose this password, as Apple doesn’t create a recovery key for external drives.

Mac_External_Choose_Password

You will know it’s done when the disk is automatically unmounted and then remounted. To mount it after this, you will need your password.

Mac_External_Enter_Password

How to Encrypt an External Hard Drive on MacOS

  1. Open Finder and right-click your drive
  2. Select the option to encrypt it
  3. Enter your password and begin the encryption
  4. Wait for the encryption to finish


Encrypt an External Hard Drive on Linux

External hard drive encryption on Linux is possible in the terminal. However, given the potential for something to go wrong, you’re better off using software with a GUI and walkthrough. 

Since it’s discontinuation a few years back, alternatives to TrueCrypt have become more mainstream. One of the best among these, VeraCrypt, still has excellent Linux support, so we’ll be using it here. You can read more about what this application can do in our full VeraCrypt review.

To prepare your drive for encryption, you’ll need to backup any data because the encryption process will format it. If you’re not sure which drive to use, most external hard drives with 2TB or less should work fine.

To begin to encrypt your disk, plug it in and open up VeraCrypt. Then select an empty slot and click “create volume” to open the encryption window.

LInux_External_Veracrypt_Menu

For the first two options in the volume creation wizard, the defaults will be fine. Then you can select your disk or partition. If you don’t know which one to choose, use the total storage space as a guide.

Linux_External_Veracrypt_Select_Drive

Continue with the default encryption options and enter your password when prompted. 

Linux_External_Veracrypt_Enter_Password

If you need to store large files, choose the option to do so now. If you aren’t sure, it’s best to go with it just in case. Then, change your formatting options to either Ext4 if you only use Linux, NTFS for compatibility with Windows computers or exFAT to use the drive on almost any computer.

Linux_External_Veracrypt_Format_To_Ext4

Now choose to enable cross-platform support and continue to the “volume format” page. Here, you need to move your mouse randomly until you fill the first bar, then press “format.” This adds security by creating an encryption key that’s harder to guess.

Linux_External_Veracrypt_Volume_Format

Once VeraCrypt has finished, you can mount the drive by selecting an empty slot, clicking “select device,” choosing the encrypted drive and pressing “mount.”

How to Encrypt an External Hard Drive on Linux

  1. Plug in your drive and open VeraCrypt
  2. Choose an empty slot and click “create volume”
  3. Go through the encryption window and choose your settings
  4. When asked to choose your disk, select it based off the total space
  5. After a few more settings, enter your password
  6. Then select the option for large files and choose the filesystem type
  7. Now mount the drive in VeraCrypt and enter your password


Final Thoughts

Having a laptop or hard drive stolen is stressful, but with encryption, you can keep your data safe. Even if you have an obscure piece of hardware or an uncommon operating system, encryption has never been a more accessible form of security.

However, encryption can only protect you from physical threats, and you may still be vulnerable to other forms of cybercrime. With the security of a good antivirus, VPN and cloud backup in place, you can protect yourself from the countless criminals, companies and governments that want your data. You can also keep your data safe from accidental deletion by using the 3-2-1 backup rule.

Have you tried encrypting hard drives before? How did it go? Let us know your thoughts in the comments below. Thanks for reading.

FAQ

  • What Is Full Disk Encryption?

    Full disk encryption is a way of protecting your files by scrambling all of the data. This encrypted file can only be decrypted and read by someone with the correct password or passkey. Often, all files will be encrypted when you log off, and everything decrypted upon logging in, so your computer isn’t significantly slowed down.