Encryption has been all over the news lately, and I’m not just talking about Edward Snowden. The FBI has been firmly against personal device encryption and has been pleading with tech companies to either hand over their encryption keys or provide a backdoor that the FBI thinks only they can access.
So far, major companies like Microsoft, Apple and Google have been enabling device encryption turned on by default in some form or another. Even President Obama says, “There’s no scenario in which we don’t want really strong encryption.” So how can you start?
In most cases you’re probably using encryption without realizing it, such as visiting a website that starts with HTTPS (S = secure). For personal devices, one method is called Full Disk Encryption. FDE is built into all major operating systems, is easy to set up, and is pretty much the only way to protect your data in case your device gets stolen.
When it comes to security, the first and most important thing to realize is that, while your device can be secure, it’s up to the person to use it in a secure manner. Don’t click on suspicious URLs or emails, porn websites are notorious for malware, and even safe websites can get hacked from time to time. But on to full disk encryption.
Note that this will be covering only computer encryption. Windows Phones and iPhones are encrypted by default when you set a PIN passcode. Android phones have device encryption, but it’s only turned on by default with Android Lollipop, although lately Google seems to have backed off from default encryption.
Depending on which version of Windows you use, your files can be encrypted by default, or you may have to turn the setting on. With Windows 8/8.1, BitLocker is turned on by default, although the technology is only available in the Ultimate, Enterprise, and Pro versions of Windows Vista, 7, 8 and 8.1. To see if you have it, open the File Explorer, right-click on your C drive, and see if the option “Turn on BitLocker” is available in the menu. If it says “Manage BitLocker” then it’s already turned on. If you don’t have it you can use third-party software such as DiskCryptor.
However, when I recently bought a new PC running Windows 8.1 Home, device encryption was turned on by default, although I don’t think it’s the same as BitLocker.
OS X Encryption
Apple’s encryption solution is called FileVault. It’s available for all Macs but it’s not turned on by default. To enable it, open System Preferences>Security & Privacy>FileVault. When you turn it on, you will be asked if you want to store a copy of your disk encryption recovery key in your iCloud account, which is not recommended. If you do this, Apple could be compelled to hand it over to law enforcement or intelligence agencies, or it could be leaked in another iCloud hack.
Linux is different in that you can only encrypt your disk when you first install it. If you already have a Linux distribution installed without disk encryption, you’ll need to backup your data and reinstall it.
Although the installation process can be different depending on which distribution you use, just keep an eye out for the words “Encrypt the new installation for privacy”. Click Install, and on the next page you’ll be asked to choose a security key, which you’ll need to type each time you turn on your computer.