Some new computers with Windows 10 can be protected with the BitLocker disk encryption feature, available only in the Pro versions In addition to Bitlocker there is also another program that can be used, for free and without limitations, to encrypt the entire contents of the PC hard disk so that you cannot access the data if you do not know the access password.
The program to be used is VeraCrypt, an open source program that works on every Windows PC, heir of the now abandoned Truecrypt, which can be used to protect the data of a USB stick or external drive .
Encryption allows you to make the files on the disk completely illegible and unrecoverable, even if you don't know the decryption key, even for the police or the FBI.
This protection is different from the request for a password to access Windows which, as we know, is easy to bypass, for example by starting the computer with another USB stick operating system.
If instead a disk is encrypted, even by detaching it from that computer and connecting it to another we will never be able to extract the files inside it.
VeraCrypt is a free and open-source tool that you can use to activate full disk encryption on any Windows 10, 8, 7, Vista, and even XP PC and also available for Mac and Linux.
VeraCrypt is a project based on the source code of the old TrueCrypt software, the development of which was stopped a few years ago.
VeraCrypt is therefore an updated program, which also supports modern PCs with Windows 10 and EFI system partitions.
It can be used to encrypt the contents of a USB stick, a second hard disk, a folder or even to protect access to the files of the entire main disk, the one in which Windows is installed .
Using this type of program to protect your PC by encrypting the entire system disk means receiving a password request every time you start your PC, immediately after turning on the computer.
We therefore see in this guide how to install VeraCrypt and encrypt the system unit in order to protect everything inside the PC, on the installation disk, typically the C: disk.
First of all, then, download VeraCrypt and run the installation program while also keeping all the default settings, moving forward safely and without the dangers of sponsors or adware.
Once VeraCrypt is installed, open the Start menu, launch the program.
At this point you can choose to encrypt one of the listed drives or the system disk.
For the latter purpose, go to the top System menu and then select Encrypt System Partition / Drive .
You will be asked whether to use Normal mode or Hidden system encryption.
The Normal option encrypts the partition or system drive normally when you start your computer you will need to provide the encryption password to access it.
The Hidden option, on the other hand, creates an operating system in a hidden VeraCrypt volume and one that acts as a fake, bait.
In this case, when you start your PC, you can enter the veracrypt password to start the hidden operating system or write the bait operating system password.
To understand what we mean, we can think of being in an action movie, where the criminal or police asks us to access our PC and show him the password and the content and we, thanks to Veracrypt, can hide the hidden system and instead show him the bogus one that has nothing strange.
In terms of encryption, the "Normal" mode keeps your files just as secure and unless you feel threatened by someone, it's the option to choose.
Going forward, the second choice you are asked to make is between Entire disk or system partition .
In practice, you are asked if you want to encrypt the whole disk or only the partition where Windows is installed.
If the installation partition is the only partition, then this choice is irrelevant.
VeraCrypt will then ask how many operating systems we have on the PC.
If we only have one, choose the SingleBoot otherwise select "Multi-boot" to have the choice of which to boot.
For the type of encryption to be used, it is advisable to accept the default settings, ie "AES" encryption and the "SHA-256" hash algorithm .
Eventually you will be asked to enter a password, which is secure and not easy to guess.
The wizard recommends choosing a password of 20 characters or more, up to a maximum of 64 characters.
An ideal password is the random combination of different types of characters, with upper and lower case letters, numbers and symbols.
Of course, even a 7-character password can; enough if we don't have things of national interest on our PC.
The keyfiles option requires to provide some files to unlock the disk and works with USB drives.
The PIM option is practically a second protection beyond the password and it is the choice of the key to confirm the password (which by default is the Enter key).
Note that when entering the password, Veracrypt changes the keyboard from Italian to English because it is the one that is activated first when the PC is started.
VeraCrypt will then ask you to move the mouse randomly inside the window, to strengthen the encryption key.
The VeraCrypt wizard cannot end without creating a Veracrpyt image as a rescue disk .
Basically, if the bootloader or other data is damaged, you can use this disk to start the computer and access the files (always with a password).
The ISO image that is created and saved on the PC must therefore be burned onto a CD or DVD (this must be done by yourself, not by Veracrypt).
Each recovery disc only applies to the PC from which it was created.
It is not over yet, you can also define the wipe mode that you want to use, for protection against data recovery.
You can also skip this step which also becomes too paranoid.
In the end, VeraCrypt checks that everything is working properly and before encrypting the disk or the system partition, asks to do a test also providing the instructions to follow in case of problems in startup.
Basically, if Windows did not start correctly, you have to restart the PC and press the "Esc" key on the keyboard in the VeraCrypt bootloader screen.
Windows should ask if you want to uninstall the VeraCrypt bootloader.
Alternatively, you have to boot your PC from the VeraCrypt recovery disk and from the options restore the original Windows bootloader.
Each time you start your computer when the disk is encrypted with Veracrypt, you will need to type the password and press the Enter key or the custom key if the PIM option was selected.
Veracrypt is the most powerful encryption tool for a PC, even if you have to consider the risk that all data may be lost in case of disk problems.
So remember to always have a backup on another external disk of important data that you do not intend to lose.
In case you want to go back and decrypt the disk, from the Veracrypt program you can always choose the System> decrypt system partition drive option, to remove data encryption.
