Encrypting your data is one of the best ways to protect yourself from harm. Whether or not you think you store important data on your computer, there are hackers out there who would love to browse through your files, pictures, and data to do harm such as identity theft. Even something as innocuous as pictures can be used in very evil ways in the wrong hands.

BitLocker is a security feature in Windows that encrypts your hard drive. FileVault is a security feature in OS X that encrypts your files. Both features are available on most modern computers.

We no longer recommend TrueCrypt because it is no longer supported, and the team even recommends using BitLocker instead.

BitLocker on Windows

  1. BitLocker is a two-step process. First, you need to create a recovery key. This key will help you if your computer fails to boot after BitLocker has been enabled. You can create a recovery key by using the Windows 7 or Windows 8 Recovery Options menu.

  2. Second, you need to encrypt your drive with BitLocker. To do this, open the Start screen and type “BitLocker” into the search bar. Click on the “BitLocker” app that appears in the results list and follow the instructions onscreen to encrypt your drive.

  3. BitLocker helps protect your data by encrypting it with a strong key before it is stored on your computer.

  4. If your computer is lost or stolen, the thief won’t be able to access your data unless they have the correct key to decrypt it.

  5. To use BitLocker, you need to create a recovery password and store it in a safe place. You can also use BitLocker to protect files that you don’t want anyone to access, such as photos or videos.

BitLocker provides three authentication mechanisms: TPM (Trusted Platform Module), PIN, and USB key. For the greatest security, you want to use TPM plus a PIN. The PIN is a password that the user has to enter before the computer boots.

  1. Older computers that don’t support TPM can only use the USB key authentication mechanism. This is not as secure as using TPM with a PIN or TPM with a USB key or TPM with both a PIN and a USB key.

Never store a backup key on paper. If someone can get access to your paper, they can decrypt your entire hard drive.

In the BitLocker Drive Encryption dialog, select the option to enable BitLocker.

To get started, all you have to do is click on Turn On BitLocker.

If you have a newer computer with a processor that supports TPM, you can enable BitLocker by following these steps:

  1. Open the Start screen and type “cmd”.
  2. Type “netstat -a” and press Enter.
  3. Look for the line that says “TPM 0x00000000”. If it exists, change it to “TPM 0x00000100”. If it doesn’t exist, create it by typing “netstat -a | grep TPM” and pressing Enter.
  4. Change the value of this line to 1 if you want to enable BitLocker on your computer permanently or 0 if you want to disable BitLocker for a specific session or computer instance.

If you have followed the directions in that post, then clicking on Turn On BitLocker again should not result in an error message. Instead, the BitLocker Drive Encryption setup will start.

The Setup Wizard will create two partitions on your hard drive. The System partition will be the smallest and will contain your operating system and all of your programs. The operating system partition will be the larger and will hold your data, including your files and folders.

You will have to wait a few minutes while the C drive is shrunk and the new partition is created. After it is finished, you will be asked to restart your computer. Go ahead and do that.

If you have BitLocker enabled on your Windows computer, the setup should automatically check for and start encrypting your hard drive when Windows restarts. Click Next to continue.

If you don’t have a TPM installed, you can’t use a PIN for startup. You can only use a USB key to start BitLocker.

You will need to insert a USB stick in order to save the startup key. Next, you will need to create a recovery key. You can save it to a USB drive, to a file, or even print it. It is best not to print it, as it may not be retrievable if needed.

After this, you’ll be asked if you’re ready to encrypt the hard drive, which will require a restart.

If Windows is able to read the encryption keys off your USB stick or from the TPM, you should see a dialog pop up telling you that the drive is being encrypted.

After you encrypt your data, it is inaccessible without the correct key. It is important to remember that using BitLocker without a TPM is less secure, and even if you use a TPM, you need to use it with a PIN or with both a USB key and a TPM to be truly protected.
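A read-only way to check whether a machine actually meets the TPM-plus-PIN recommendation made earlier and repeated above. This is an added example, not part of the original article; it uses the built-in `Get-Tpm` and `Get-BitLockerVolume` cmdlets, and the function name and rating labels are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit of the OS volume's BitLocker protectors.
# Nothing here changes BitLocker or TPM configuration.

function Get-ProtectorRating {
    param([string[]]$ProtectorTypes)
    # Labels are this example's own. The ordering follows the article:
    # TPM combined with a PIN and/or USB key beats TPM alone or USB alone.
    if ($ProtectorTypes -contains 'TpmPinStartupKey') { return 'Strong: TPM + PIN + USB key' }
    if ($ProtectorTypes -contains 'TpmPin')           { return 'Strong: TPM + PIN' }
    if ($ProtectorTypes -contains 'TpmStartupKey')    { return 'Strong: TPM + USB key' }
    if ($ProtectorTypes -contains 'Tpm')              { return 'Weak: TPM only, no pre-boot authentication' }
    if ($ProtectorTypes -contains 'ExternalKey')      { return 'Weak: USB startup key only, no TPM' }
    return 'None: no startup protector found'
}

$tpm   = Get-Tpm
$vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
# KeyProtectorType is an enum; convert to strings for simple matching.
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

[pscustomobject]@{
    TpmPresent          = $tpm.TpmPresent
    TpmReady            = $tpm.TpmReady
    Volume              = $vol.MountPoint
    VolumeStatus        = $vol.VolumeStatus
    ProtectionStatus    = $vol.ProtectionStatus
    EncryptionPercent   = $vol.EncryptionPercentage
    Protectors          = $types -join ', '
    HasRecoveryPassword = $types -contains 'RecoveryPassword'
    Rating              = Get-ProtectorRating -ProtectorTypes $types
} | Format-List

# An encrypted volume with protection suspended or off is not protected.
if ($vol.ProtectionStatus -ne 'On') {
    Write-Warning "BitLocker protection is not active on $($vol.MountPoint)."
}
```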

OS X FileVault is a security feature that stores your user’s login information in RAM, so if you’re not using your computer, the keys could be stolen by savvy hackers.

FileVault in OS X

FileVault in OS X provides the same functionality as BitLocker in Windows. You can encrypt the entire drive, and a separate boot volume is created to store user authentication information unencrypted.

To use FileVault, you need to go to System Preferences and click on Security & Privacy.

Now click on the FileVault tab and click on the Turn On FileVault button. If the button is disabled, you have to click the little yellow lock at the bottom left of the dialog and enter your system password in order to make changes.

You can either store your recovery key in iCloud or you can get a recovery key code and then store it in a safe place. I would highly recommend against using iCloud because if law enforcement or a hacker needs to break into your computer, all they have to do is get access to your iCloud account to remove the encryption.

OS X will start encrypting your data when you log back in. You can go to Security & Privacy to see the progress of the encryption. If you have a new MacBook, the impact may be less.

All full-disk encryption can still be hacked, even with key storage in RAM, because the keys get stored in memory while you’re logged in. You must always shut down the computer instead of putting it to sleep and you should always disable automatic login. In addition, if you use a pre-boot PIN or password, your security will be increased and it will be extremely difficult for even technical forensic experts to crack into your hard drive.