How to Encrypt a Windows System Drive With VeraCrypt
Held in high regard by many, VeraCrypt is a free and open-source file encryption program. Users can take advantage of VeraCrypt’s advanced security features to protect important files.
People normally use VeraCrypt to create encrypted file containers within a drive. But you can also encrypt entire partitions and drives using it. Windows users in particular can encrypt their system drives and partitions. Here’s how you can secure your Windows system by using VeraCrypt.
Encrypting a Windows Storage Drive or Partition With VeraCrypt
VeraCrypt users commonlyprotect their files inside an encrypted file container. But VeraCrypt can also be used to create other types of encrypted volumes.
Windows users can use VeraCrypt toencrypt their entire system drive. They can alsopartition their hard drive, then encrypt a partition with VeraCrypt. With system encryption, users will need to enter the correct password before opening Windows.
This option is only available for Windows users as an alternative toBitLocker, Windows' file encryption program. This is especially important if you use a Home version of Windows, since BitLocker is only available for Windows Pro and Enterprise users. Linux users can instead encrypt their drives using LUKS. And macOS users can use the FileVault to encrypt their system drives.
To do this, start by clickingCreate Volumein VeraCrypt’s main window. This will take you to the VeraCrypt Volume Creation Wizard. Click theEncrypt the system partition or entire system driveoption, then clickNext.
The wizard will prompt you to select a type of encryption for your system drive. Users have the between creating a normal or hidden drive or partition.
Choose your preferred encryption type and clickNext.
The next step is choosing an area to encrypt. You can choose between encrypting the Windows system partition or the entire drive. Encrypting the whole drive has the advantage of protecting all its partitions.
Choose your preferred area to encrypt and clickNext.
If you choose to encrypt the whole drive, VeraCrypt may warn you that a non-standard partition exists on your internal hard drive. Only clickYesif you are sure that your drive does not have any recovery partitions. Recovery partitions could be rendered incapable if encrypted.
VeraCrypt will also account for drives running two or more operating systems. If you’redual-booting Linuxor another OS, then select theMulti-bootoption. If not, then stay on theSingle-bootoption and clickNext.
On the Encryption Options screen, you could choose anEncryption AlgorithmandHash Algorithm. These algorithms determine how VeraCrypt will encrypt your volume. When you’re done choosing or are fine with the default options, clickNext.
Choose a strong passwordfor your drive or partition and enter it in thePasswordbox, and again in theConfirmbox.
you could also set a Personal Iterations Multiplier (PIM) number for your Windows drive. A PIM controls the number of times yourpassword is hashedbefore VeraCrypt can use it to decrypt the system drive. This step is optional. You can leave theVolume PIMvalue blank or set it to 0 to use the default PIM value. Once you’ve set a PIM number, clickNext.
The wizard will begin collecting random data. This random data increases the cryptographic strength of your drive’s encryption keys. Move your mouse around the window randomly until VeraCrypt has collected enough randomness. Once this is done, clickNext.
AUser Account Controlpop-up may ask you to allow VeraCrypt to make changes to your device. ClickYes.
Once VeraCrypt has generated the encryption keys, you will need to create a rescue disk. Having a rescue disk for an encrypted system drive is essential. You can use it if the VeraCrypt Boot Loader, Windows, or any other critical data gets damaged.
VeraCrypt will create a rescue disk asan ISO file. Select the location for your rescue disk file, then clickNext.
VeraCrypt will prompt you if you do not have a CD/DVD burner on your system. Once your rescue disk is created, you need to burn it to a CD/DVD drive. Since CDs and DVDs are hard to come by these days, you’re able to alsoflash the ISO file to a USB drive. You also have the option to store it externally for later flashing or burning.
In any case, ensure that the rescue disk is outside your system once it’s created. Also, note that every VeraCrypt rescue disk is unique to its encrypted drive. Select the appropriate option for your use case to continue.
The wizard will prompt you to select a mode of wiping any unencrypted data left on the system. You should at least select1 pass (random data)if you have any deleted or overwritten files. Once you have selected the appropriate wipe mode, clickNext.
VeraCrypt will run a pretest before encrypting your drive. Restart your computer to begin the pretest.
Upon restart, your computer will go through the VeraCrypt Boot Loader. You will have to type your password on the boot loader to decrypt your system and open Windows. You will also need to input your encrypted drive’s PIM number if you set one earlier.
Once you’ve opened your Windows desktop, VeraCrypt will notify you that the pretest is finished. ClickEncryptto begin encrypting your Windows drive or partition.
Depending on your drive or partition size, the encryption process can take some time. If you need to use your Windows PC in the meantime, you can pause or defer the encryption process by clickingDefer.
Once VeraCrypt completes the process, your Windows system drive or partition will be encrypted. You will have to go through the VeraCrypt Boot Loader every time your start up your computer. You can rest easier knowing that strong encryption is protecting your desktop.
How to Remove VeraCrypt Encryption From a Windows Drive or Partition
If you need to remove VeraCrypt’s encryption from your Windows drive or partition, clickVolumeson VeraCrypt’s main window. Next, clickPermanently Decrypt.
VeraCrypt will prompt you twice to make sure that you really want to decrypt your drive/partition. ClickYeson both pop-ups to begin the permanent decryption process.
Like system encryption, permanent Windows system decryption will take some time. You can clickDeferif you need to use your PC during decryption.
Once VeraCrypt finishes decrypting your drive, restart your computer. This will finally remove encryption from your system drive or partition.
Why Should You Encrypt Their Drives With VeraCrypt Instead of BitLocker?
VeraCrypt serves as a strong alternative to Windows' BitLocker program. Bitlocker is proprietary software owned by Microsoft. It’s only available on Pro and Enterprise versions of Windows. While BitLocker is effective and convenient, it only supports the AES algorithm for encryption.
Meanwhile, VeraCrypt is free and open-source. It supports many encryption ciphers besides AES. VeraCrypt is also available to all versions of Windows, macOS, and Linux. The program also has many advanced features to ensure that your files secure.
Thinking about encrypting your Linux disk? It’s a wise move, but wait until you’ve considered arguments for and against.
Make sure you don’t miss these movies and shows before Netflix removes them.
Turn these settings on, and your iPhone will be so much better than before.
Windows is great, but adding this makes it unstoppable.
You’ve been quoting these famous films wrong all along!
You can’t call this offline, Notion.
