Cloud Hosting

Windows 10 sometimes uses encryption by default, and sometimes doesntits complicated. Heres how to check if your Windows 10 PCs storage is encrypted and how to encrypt it if it isnt.Encryption isnt just about stopping the NSAits about protecting your sensitivedata in case you ever lose your PC, which is something everyoneneeds.

Unlike all other modern consumer operating systemsmacOS, Chrome OS, iOS, and AndroidWindows 10 still doesnt offer integrated encryption tools to everyone. You may have to pay for the Professional edition of Windows 10 or use a third-party encryption solution.

RELATED: Windows 8.1 Will Start Encrypting Hard Drives By Default: Everything You Need to Know

Many new PCs that ship with Windows 10 will automatically have Device Encryption enabled.This feature was first introduced in Windows 8.1, andthere are specific hardware requirements for this. Not every PC will have this feature, but some will.

Theres another limitation, tooit only actually encrypts your driveif you sign into Windowswitha Microsoft account. Your recovery key is then uploaded to Microsofts servers. This will help you recover your files if you ever cant log into your PC. (This is also why the FBIlikely isnt too worried about this feature, but were just recommendingencryption as a means to protect your data fromlaptop thieves here. If youre worried about the NSA, you may want to use a different encryption solution.)

Device Encryption will also be enabled if you sign into an organizations domain. For example, you might sign into a domain owned by your employer or school. Your recovery key would then be uploaded to your organizations domain servers. However, this doesnt apply to the average persons PConly PCs joined to domains.

To check if Device Encryption is enabled, open the Settings app, navigate to System > About, and look for a Device encryption setting at the bottom of the About pane. If you dont see anything about Device Encryption here, your PC doesnt support Device Encryption and its not enabled. If Device Encryption is enabledor if you can enable it by signing in with a Microsoft accountyoull see a message saying so here.

RELATED: Should You Upgrade to the Professional Edition of Windows 10?

If Device Encryption isnt enabledor if you want a more powerful encryption solution that can also encrypt removable USB drives, for exampleyoull want to use BitLocker. Microsofts BitLocker encryption tool has been part of Windows for several versions now, and its generally well regarded. However, Microsoft still restricts BitLocker to Professional, Enterprise, and Education editions of Windows 10.

BitLocker is most secure on a computer that contains Trusted Platform Module (TPM) hardware, which most modern PCs do. You can quickly check whether your PC has TPM hardware from within Windows, or check with your computers manufacturer if youre not sure.If you built your own PC, you may able to add a TPM chip to it. Search for a TPM chip thats sold as an add-on module. Youll need one that supports the exact motherboard inside your PC.

RELATED: How to Use BitLocker Without a Trusted Platform Module (TPM)

Windows normally says BitLocker requires a TPM, but theres a hidden option that allows you to enable BitLocker without a TPM. Youll have to use a USB flash drive as a startup key that must be present every boot if you enable this option.

If you already have a Professional edition of Windows 10 installed on your PC, you can search for BitLocker in the Start menu and use the BitLocker control panel to enable it. If you upgraded for free from Windows 7 Professional or Windows 8.1 Professional, you should have Windows 10 Professional.

If you dont have a Professional edition of Windows 10, you can pay $99 to upgrade your Windows 10 Home to Windows 10 Professional. Just open the Settings app, navigate to Update & security > Activation, and click the Go to Store button.Youll gain access to BitLocker and the other features that Windows 10 Professional includes.

Security expert Bruce Schneier also likes a proprietary full-disk encryption tool for Windows named BestCrypt. Its fully functional on Windows 10 with modern hardware. However, this tool costs $99the same price as an upgrade to Windows 10 Professionalso upgrading Windows to take advantage of BitLocker may be a better choice.

RELATED: 3 Alternatives to the Now-Defunct TrueCrypt for Your Encryption Needs

Spending another $99 just to encrypt your hard drive for some additional security can be a tough sell when modern Windows PCs often only cost a few hundred bucks in the first place. You dont have to pay the extra money for encryption, because BitLocker isnt the only option. BitLocker is the most integrated, well-supported optionbut there are other encryption tools you can use.

The venerable TrueCrypt, an open-source full-disk encryption tool that is no longer being developed, has some issues with Windows 10 PCs. It cant encrypt GPT system partitions and boot them using UEFI, a configuration most Windows 10 PCs use. However, VeraCryptan open-source full-disk encryption tool based on the TrueCrypt source codedoes support EFI system partition encryption as of versions 1.18a and 1.19.

In other words, VeraCrypt should allow you to encrypt your Windows 10 PCs system partition for free.

RELATED: How to Secure Sensitive Files on Your PC with VeraCrypt

TrueCrypts developers did famously shut down development and declare TrueCrypt vulnerable and unsafe to use, but the jury is still out on whether this is true.Much of the discussion around this centers on whether the NSA and other security agencies have a way to crack this open-source encryption. If youre just encrypting your hard drive so thieves cant access your personal files if they steal your laptop, you dont have to worry about this. TrueCrypt should be more than secure enough. The VeraCrypt project has also made security improvements, and should potentially be more secure than TrueCrypt. Whether youre encrypting just a few files or your entire system partition, its what we recommend.

Wed like to see Microsoft give more Windows 10 users access to BitLockeror at least extend Device Encryption so it can be enabled on more PCs. Modern Windows computers should have built-in encryption tools, just like all other modern consumer operating systems do. Windows 10 users shouldnt have to pay extra or hunt down third-party software to protect their important data if their laptops are ever misplaced or stolen.

The rest is here:
How to Enable Full-Disk Encryption on Windows 10