ThisCybersecurity Awareness Weekarticle is brought to you in association withIncogni.
What is VeraCrypt?
VeraCrypt is a free and open-source tool you could use toenable full-disk encryptionon any Windows PC.
Corbin Davenport / How-To Geek
You use your gear normally after it boots.
VeraCrypt handles the encryption in the background, and everything else happens transparently.
VeraCrypt is a project based on the source code of the old TrueCrypt software, which was discontinued.
What is Full-Disk Encryption?
Full-disk encryption does this to your your entire drive.
Why Use VeraCrypt to Encrypt Your Drive?
The primary advantage of VeraCrypt is that you might use it onalmostany computer and it is completely free.
VeraCrypt can run on any of them.
you might even use it on devices with ARM-based processors, like a Raspberri Pi.
VeraCrypt also does a good job of guiding you through the process and take the appropriate precautions.
How to Install VeraCrypt and Encrypt your System Drive
DownloadVeraCryptto get started.
trigger the installer and grab the “Install” option.
Once VeraCrypt is installed, open your Start menu and launch the “VeraCrypt” shortcut.
Click System > Encrypt System Partition/Drive in the VeraCrypt window to get started.
You’ll be asked whether you want to use “Normal” or “Hidden” system encryption.
The Normal option encrypts the system partition or drive normally.
When you boot your machine, you’ll have to provide your encryption password to access it.
No one will be able to access your files without your password.
The Hidden option creates an operating system in a hidden VeraCrypt volume.
In terms of encryption, using “Normal” encryption keeps your files just as secure.
If you’re not sure which you want, select “Normal” and continue.
Consult VeraCrypt’s documentation formore information about hidden operating systems.
you might choose to either “Encrypt the Windows system partition” or “Encrypt the whole drive”.
It’s up to you which option you prefer.
VeraCrypt will ask how many operating systems you have on your PC.
Most people only have a single operating system installed and should choose “Single-boot”.
You’ll then be asked to choose which jot down of encryption you want to use.
While there are multiple options available, we recommend sticking with the default options.
“AES” encryption and the “SHA-256” hash algorithm are good choices.
They’re all solid encryption schemes.
You’ll then be asked to enter a password.
As VeraCrypt’s wizard notes, it’s very important to choose a good password.
Choosing an obvious or simple password will make your encryption vulnerable tobrute-force attacks.
The wizard recommends choosing a password of 20 more more characters.
it’s possible for you to enter a password of up to 64 characters.
You’ll lose access to your files if you ever lose the password, so verify you remember it.
There are a few more options here, but they’re not necessary.
VeraCrypt will ask you to move your mouse randomly around inside the window.
It uses these random mouse movements to increase the strength of your encryption keys.
When you’ve filled up the meter, click “Next”.
The wizard will inform you it’s generated the encryption keys and other data it needs.
Click “Next” to continue.
The VeraCrypt wizard will force you to create a VeraCrypt Rescue Disk image before continuing.
VeraCrypt will simply create a rescue disk ZIP at “C:\Users\NAME\Documents\VeraCrypt Rescue Disk.zip” by default.
VeraCrypt will confirm that you’ve done this correctly when you click “Next” a few times.
you could’t just reuse the same VeraCrypt rescue disk on multiple computers.
You need a unique rescue disk for each PC!
Consult VeraCrypt’s documentation formore information about VeraCrypt rescue disks.
Next, you’ll be asked for the “wipe mode” you want to use.
If you’re not concerned about this, select “None (fastest)”.
It’s faster not to wipe the drive.
The larger the number of passes, the longer the encryption process will take.
This setting only applies to the initial setup process.
VeraCrypt will now verify everything is working correctly before it encrypts your drive.
Click “Test” and VeraCrypt will plant the VeraCrypt bootloader on your PC and restart.
You’ll have to drop your encryption password when it boots.
VeraCrypt will provide information about what to do if Windows doesn’t start.
Windows should start and ask if you want to uninstall the VeraCrypt bootloader.
If that doesn’t work, you should insert the VeraCrypt rescue disk into your PC andboot from it.
Select Repair Options > Restore Original System Loader in the rescue disk interface.
reboot your PC afterwards.
Click “OK” and then click “Yes” to power cycle your PC.
You’ll have to put in your VeraCrypt encryption password when your PC boots.
Sign into your PC when the normal welcome screen appears.You should see a “Pretest Completed” window.
VeraCrypt advises that you havebackup copies of the files you’re encrypting.
If the system loses power or crashes, some of your files will be irreversibly corrupted.
It’s always important to have backup copies of your important files, especially when encrypting your system drive.
If you better back up your files, poke the “Defer” button and back up the files.
smack the “Encrypt” button to actually encrypt your PC’s system drive.
VeraCrypt will provide information about when you should use the rescue disk.
After it does, it will begin the process of encrypting your hard drive.
