In this final three-part part, we’ll take a look at how to encrypt your Windows hard drive using VeraCrypt. In the first part, we showed how to create a regular encrypted folder, and in the second part, how to create a hidden folder inside an encrypted folder.
But now we’re going to up the ante and encrypt the hard drive. After a few spirits to get up the courage, it’s time to start this show.
How to encrypt your Windows hard drive to prevent snoopers
It’s actually not that difficult. Just follow these steps in order and hopefully your computer won’t explode in your face. I assume you already have VeraCrypt installed, but if not, you can get it here
First open VeraCrypt and click “Create Volume”.
Then you will see three options. We have already done the first two in previous articles. Today we will consider option number three – “Encrypt the system partition or the entire system disk”.
Click Next to continue.
In this case, we use regular encryption, not a “hidden operating system”. Therefore, select the first option and click Next to move on.
I personally believe (although you may disagree) that you only need to encrypt the portion of the hard drive that has the Windows operating system installed.
Keeping it simple (which is always my mantra), I chose the first option – “Encrypt Windows System Partition”. You can choose the second option, but if you do, you’ll get a lot of ramifications if things go wrong.
If you only have Windows installed on your computer, then you have a single boot system. If your computer has multiple operating systems (for example, Windows and Linux), then this is a multiboot system. So choose which one you have.
Now it will ask you which encryption option you want. But, as I pointed out in previous articles, unless you have a specific reason, you should leave the default encryption protocols. It is the AES standard used by governments to encrypt classified documents. Also leave the hash algorithm as it is.
Click Next.
After specifying the desired password, it’s time to generate encryption keys. To make them as strong as possible, you need to move your mouse or trackpad around the VeraCrypt window in a “random order.”
This will change the bar at the bottom from red to yellow and finally to green. When the green bar is all the way to the far right end of the screen, click Next.
Since you are now encrypting the hard drive (or part of it), you need to take extra precautions in case you block access to the hard drive. This is called a VeraCrypt Recovery Disk (VRD), which repairs any damage to the VeraCrypt bootloader or Windows, allowing (hopefully) a login.
However, having this rescue disk does not pose a security risk as you still need the encryption password to make it work.
VeraCrypt will select an area to place the rescue disk after it has been created. But you can easily move it to a different location if you like by clicking the Browse button. DO NOT clear the “Skip rescue disk check” checkbox – this is very important.
Click Next.
The next step opens the Windows Disk Image Burner. You will see that the rescue disc is an ISO file and you need to select your hard drive disc burner. A regular 700 MB CD is sufficient. Select Check Disc After Burn.
When the disc is in the recorder drive, click Burn to start the process.
When the process is complete, the disc burner will open its hard drive tray. Close the tray again, let the disc run and let the disc imaging software check the disc to make sure everything is working properly.
I hope you see it someday.
It’s time for VeraCrypt to do some preliminary testing before you start encrypting your hard drive or partition (whichever you choose).
As shown in the following screenshot, your Windows system will reboot, the bootloader will be installed, and if all goes well, the system will start encryption. Click Test to begin this process.
After restarting your computer – before Windows starts up – you will see the following screen.
Enter your password in the space provided. You probably didn’t specify PIM in your password settings (I didn’t), so in this case, leave it blank when it prompts for PIM and press Enter.
Now wait for your system to log in. If this is your first time doing this, the login process may be slightly delayed.
Once your password is successfully verified, your system will start encryption. As you can see, encrypting the system takes a long time depending on its size, so this might be one of those times when you need to leave your computer on overnight to get it up and running.
Once this is done, your computer is much safer. Now laugh happily as your nosy roommates try in vain to hack into your computer to read the love letters of your unrequited love.
–