_IF YOUR COMPUTER’S HARD DRIVE IS ENCRYPTED, no one can modify its data, or read its contents while the computer is turned off. Full disk encryptionA process that encrypts all the data stored on the hard disk of a device while it powers down. This prevents someone without the decryption key from reading or tampering with your device's data. is essential to protecting the data stored on your computer, particularly when the threat of confiscation or theft is high.
When you enable full disk encryption for the first time, you’ll be asked to set a passphrase. Follow best practices by using a long, unique, and complex passphrase. A strong passphrase is what keeps a dedicated attacker at bay when attempting to break the encryption that protects your data.
Take your computer's encryption passphrase and store it somewhere safe — memorize it, or store it in a password manager. You’ll have to type it every time you turn on your computer and want to decrypt the data on your device. Don’t get yourself locked out — without your passphrase or recovery keyA long series of characters that Apple and Microsoft provide when creating an encrypted disk that should be kept in a secure place. If you lose the password to the disk, the recovery key can be used to unlock it., you’ll lose access to all your files.
macOS users: Use FileVault to encrypt your device
STEP 1
Create your encryption passphrase, and store it somewhere safe.
You’ll need your encryption passphrase to access your encrypted data every time you turn on your computer. It’s important that you use a passphrase that is complex, unique, and typeable. You can use a password manager, or dice, to generate a robust encryption passphrase.
Don’t lose access to the data on your encrypted device! Store your passphrase somewhere safe, like a password manager, or even on a piece of paper with a trusted third party.
STEP 2
Follow these step-by-step instructions to enable full disk encryption with FileVault on your Mac.
Pro-tip: Rather than syncing your recovery key to Apple’s iCloud, save it as a file to an encrypted USB stick or external hard drive you own.
Windows users: Use Bitlocker to encrypt your device
STEP 1
Check to see if you have access to Bitlocker.
Bitlocker is only available on Windows 10 Pro, Enterprise and Education editions. If you use Windows 10 Home edition users or an older version of Windows, you will have to buy an upgrade for their operating system to take advantage of encryption.
STEP 2
Create your encryption passphrase, and store it somewhere safe.
You’ll need your encryption passphrase to access your encrypted data every time you turn on your computer. It’s important that you use a passphrase that is complex, unique, and typeable. You can use a password manager, or dice, to generate a robust encryption passphrase.
Don’t lose access to the data on your encrypted device! Store your passphrase somewhere safe, like a password manager, or even on a piece of paper in a safe.
STEP 3
Follow this guide to walk you through enabling full disk encryption with Bitlocker on your computer.
Pro-tip: During the setup process, save your recovery key as a file, and store that file on an encrypted USB or external hard drive for safekeeping.
Linux users: Use LUKS encryption to encrypt your device
STEP 1
LUKS encrypt your device by selecting the “Encrypt Hard Disk” option during initial installation.
If you are already running Linux without full disk encryption, you’ll need to back up your files, reinstall the operating system with encryption, and then restore your files.
The setup process for full disk encryption is similar in major flavors of Linux. Follow this guide to get started (Note: the screencaps in this guide are based on the setup on Ubuntu).