Windows 10 sometimes uses encryption by default, and sometimes it doesn’t — it’s complicated. Here’s how to check if your Windows 10 PC’s storage is encrypted and how to encrypt it if it isn’t. Encryption isn’t just about stopping the NSA — it’s about protecting your sensitive data in case you ever lose your PC.
Unlike all other modern consumer operating systems — Mac OS X, Chrome OS, iOS, and Android, –Windows 10 still doesn’t offer integrated encryption tools to everyone. You may have to pay for the Professional edition of Windows 10 or use a third-party encryption solution.
Device Encryption
Many new PCs that ship with Windows 10 will automatically have “Device Encryption” enabled. This feature was first introduced in Windows 8.1, and there are specific hardware requirements for this.
There’s another limitation, too — it only actually encrypts your drive if you sign into Windows with a Microsoft account. Your recovery key is then uploaded to MIcrosoft’s servers. This will help you recover your files if you ever can’t log into your PC. (This is also why the FBI likely isn’t too worried about this feature, but we’re just recommending encryption as a means to protect your data from laptop thieves here. If you’re worried about the NSA, you may want to use a different encryption solution.)
To check if Device Encryption is enabled, open the Settings app, navigate to System > About, and look for a “Device encryption” setting at the bottom of the About pane. If you don’t see anything about Device Encryption here, your PC doesn’t support Device Encryption and it’s not enabled.
BitLocker
If Device Encryption isn’t enabled — or if you want a more powerful encryption solution that can also encrypt removable USB drives, for example — you’ll want to use BitLocker. Microsoft’s BitLocker encryption tool has been part of Windows for several versions now, and it’s generally well regarded. However, Microsoft still restricts BitLocker to Professional editions of Windows 10.
If you already have a Professional edition of Windows 10 installed on your PC, you can search for “BitLocker” in the Start menu and use the BitLocker control panel to enable it. If you upgraded for free from Windows 7 Professional or Windows 8.1 Professional, you should have Windows 10 Professional.
If you don’t have a Professional edition of Windows 10, you can pay $99 to upgrade your Windows 10 Home to Windows 10 Professional. Just open the Settings app, navigate to Update & security > Activation, and click the “Go to Store” button. You’ll gain access to BitLocker and the other features that Windows 10 Professional includes.
TrueCrypt and Its Derivatives
Spending another $99 just to encrypt your hard drive for some additional security can be a tough sell when modern Windows PCs often only cost a few hundred bucks in the first place. You don’t have to pay the extra money for encryption because BitLocker isn’t the only option. BitLocker is the most integrated, well-supported option — but there are other encryption tools you can use.
TrueCrypt — an open-source full-disk encryption tool — still works with Windows 10 and is still an option. There are also other full-disk encryption tools based on TrueCrypt. These are free, open-source encryption tools you can install on Windows 10 Home or previous versions of Windows to encrypt your hard drive if you don’t have access to BitLocker. Unfortunately, TrueCrypt might require some fiddling if you have a modern PC. But, if you have a Windows 7-era PC you’ve upgraded to Windows 10, it may just work.
Yes, TrueCrypt’s developers did famously shut down development and declare TrueCrypt vulnerable and unsafe to use, but the jury is still out in the security community on whether it actually is vulnerable or not. More importantly, much of the discussion around this centers on whether the NSA and other security agencies have a way to crack TrueCrypt encryption. If you’re just encrypting your hard drive so thieves can’t access your personal files if they steal your laptop, you don’t have to worry about this. TrueCrypt should be more than secure enough.
We’d like to see Microsoft give more Windows 10 users access to BitLocker — or at least extend Device Encryption so it can be enabled on more PCs. Modern Windows computers should have built-in encryption tools, just like all other modern consumer operating systems do. Windows 10 users shouldn’t have to pay extra or hunt down third-party software to protect their important data if their laptops are ever misplaced or stolen..
0 comments:
Post a Comment