Computer encryption symbol / Shutterstock
Most of us have some rather sensitive files on our PCs. Whether it’s our tax returns, financial records, password lists (seriously, just use a password manager already), or just files you don’t want anyone to see under any circumstances, we all have our reasons for wanting a bit more security. This means that it’s time to get into encryption, which is where a drive, file, or folder is encoded (encrypted) so as to make it unreadable to anyone except the person with the right key to decrypt it. The upside is that anyone attempting to access it without the password will fail, and the downside is that if you lose the encryption key (usually a password), whatever you had encrypted will be gone forever, unless there’s a way to recover it.
Luckily, in Windows you have options on how to do this for absolutely no cost whatsoever. Windows 10/11 Pro users have encryption tools built into the OS; while users of the Home variant must use a free third-party utility. Whether you want full-drive encryption, or just a secure space to keep your important records, one of these tools will fit the bill.
How to use Bitlocker for full-drive encryption
Windows 10 or 11 Pro offers two built-in encryption tools: There is this simple tool, which can be used to encrypt any file—however, in our testing we had issues with it, so we recommend using the other option, Bitlocker. Bitlocker offers full-drive encryption only, however, but thankfully you can choose between encrypting the entire drive, or just the space that’s being used. Encrypting an entire drive does incur a performance penalty, but if it’s your work laptop and everything you are working on is on your C:/ drive, it’s a good option to consider. It’s also a good option for external drives, as most of us have lost a few of those over the course of our lives, and lord knows what we had on them when we did so. Setting up Bitlocker is relatively painless, so follow along.
If you just type the word Bitlocker in Windows search it’ll appear, or you can find it in the Control Panel listed as Bitlocker Management. When you open it, you’ll be presented with a list of your attached storage devices, both internal and external. We’re going to install it on our external drive, F.
After you’ve enabled Bitlocker on the drive of your choice, Microsoft will ask you how you want to unlock the drive, either via a password or with a Smart Card; we chose a password. If you choose a Smart Card you’ll need a USB drive, which will be paired with a PIN code to unlock the drive.
Next, Microsoft will ask you how you want to restore the recovery key, which could save your behind if you ever forget your password, or lose your Smart Card. We chose to have the recovery key accessible via our Microsoft Account, as that seems to be the most secure method of storing it, and definitely smarter than printing it out!
One of the last steps is deciding how much of the drive to encrypt: all of it, or just the used space. We chose just the used space simply because it should result in faster drive performance.
You’ll also have to choose which encryption mode you want: one that works with newer PCs, or one that’s compatible with older versions of Windows. Since we only have Windows 10/11 PCs in our house, we chose the newer version.
We’re all set now, so go ahead and click Start Encrypting. On our 256GB test drive, the encryption process took just a few seconds. Once it’s complete, your data is now encrypted.
Going forward, inserting the now-encrypted drive results in the error seen below, instead of just automatically opening like it does for external storage.
You’ll also get a pop-up from Windows asking you to type the encryption password, or the recovery key. Thankfully, Windows gives you the option of automatically unlocking on a certain PC, which is handy if you’re using it a lot on a home PC as opposed to a laptop.
If you’re using Windows Home, or just want an encrypted folder
If you have the Home version of Windows, you can still get in on the encryption game with Veracrypt, which is a free utility that can encrypt a folder, drive, or partition. This handy tool lets you mount an “encrypted virtual disk” in Windows, MacOS, and Linux. When you enter your password the “disk” is mounted and your files appear, but when you close the program, the disk unmounts and the files are no longer accessible. We didn’t test the disk or partition encryption, so these instructions only apply to creating an encrypted folder. Let’s jump in, shall we?
To get started, download the free utility and fire it up. To begin, you’ll need to create the encrypted volume, so click on Create Volume.
On the next screen we chose Create an encrypted file container, as we’re just looking for a repository for our sensitive documents and media.
Next we chose Standard Veracrypt volume as it’s fine for the vast majority of home users.
Next you have to choose the location for this file, so consider the size of the “folder” you will create, and make sure your storage device has enough room to hold it. We made a folder on one of our hard drives labeled “Veracrypt” since we’re good at hiding things, and then typed the name of the file into the dialogue box that appeared, resulting in what you see in the screenshot. Also note you can create this volume on a removable drive too.
Next you have a lot of encryption options, but just select AES and click through. AES-256 encryption is considered the strongest form of encryption and cannot be cracked with brute strength, so it should work for your purposes.
Now decide how big you want your container to be. You can’t go back and make it bigger later, so shoot for the moon, assuming you have enough room. We decided to make ours 1GB.
With that information inputted, the program is ready to create the volume on your drive. Don’t be afraid by all the “hacker” looking stuff on the screen, just click Format and you’re off to the races.
Once the process is completed, it will show you that the volume is ready.
You can now navigate to where the container is just to verify its existence and see its file size, if that is important to you. You’ll note that clicking on it does nothing, as you have to use the Veracrypt program to actually open it, so let’s do that now.
Now it’s time to access our encrypted volume. Open Veracrypt and choose Select File from the main menu, then navigate to the folder where it’s located. You’ll also need to choose a volume letter from the list provided, so choose one that is not in use like X or M, something like that. Once you’ve chosen the volume letter, and navigated to the file, click Mount.
After that completes you’ll see the same window with the path to your file in blue. Double-click that and the volume will open. You will also see the same volume appear in This PC as well, if you prefer that method.
Et voila—here are our encrypted files! These are quite sensitive cat photos, obviously, but feel free to throw anything you want in there, knowing it’s about as secure as it can possibly be for now.
One final note: As long as the volume is “mounted,” it is accessible. So that means if you open it up, put some files in it, then just walk away from your PC, anyone with physical access to it can also look at the files. To complete the process, you have to click Dismount on the main screen of Veracrypt to shut the door on your encrypted folder. Once you’ve dismounted the volume, it will no longer be accessible without the encryption password.
To encrypt or not to encrypt?
If you want to encrypt your drive to prevent unauthorized access, it’s built right into Windows Pro versions, so it is worth it on something that might get “smashed and grabbed” from a car, such as a laptop. For your desktop PC that never moves, the benefits are debatable. We do like having an encrypted folder via Veracrypt, however, for all of our tax returns and similar documents. Just be absolutely sure you keep the password somewhere safe, since you will never get back into that secure “disk” if you lose it.