Protection: Device Encryption

Encrypting phones is easy. iPhones are encrypted simply by activating the passcode lock feature. Android devices are encrypted via the settings, which I listed in my recommended settings changes. Encrypting other devices is a little difficult.

First off: priorities. I recommend putting emphasis on encrypting devices that are easily capable of travel, whether they travel or not. Phones should be encrypted as they get lost and stolen constantly and contain tons of sensitive information like banking apps, emails, messages, and more. Phones are critically important and should always be encrypted. Next would be laptops, even if you don't travel with them. It's easy for a thief to pick them up and take off with them, so they should be encrypted. The same logic goes for external harddrives and backups. Finally, desktop computers. Encryption is literally free, so I recommend encrypting everything, just be careful not to lose your password or else you're in trouble.

Mac devices come with a proprietary encryption program called FileVault. This is relatively secure and should work for most people. But if you want to go a step further, or if you have a Windows device, then I recommend VeraCrypt. Veracrypt is a free, open source software that allows various forms of encryption. For devices like computers and external harddrives, you'll want to use "full disk encryption," meaning that the entire device is encrypted completely.

Using Veracrypt

In this paragraph I'll talk you through how to encrypt an external device using Veracraypt. In the future I hope to add a section on full-disk encryption, but until I'm able to get that, try try this video tutorial.

To encrypt an external device, run Veracrypt, go to the "Volume Creation Wizard" under the Tools menu, and select "Encrypt a non-system partition/drive." Pick "Standard VeraCrypt Volume," then "Create encrypted volume and format it." Please be aware: this will wipe all the data already on your drive, so I recommend only using this with a fresh, empty drive. Finally, make sure the algorithms are set to AES and SHA-512, select a good password on the next screen, then pick your file system format. If you're only using Windows systems, NTFS is the best choice. If you plan to switch between various operating systems like Mac or Linux, then exFAT is is the better choice, but keep in mind exFAT can't support files over 4GB. After making this choice, simply continue on and follow the prompts accordingly.

NOTE: while installing Veracrypt, you will be asked to create a "recovery USB." I highly encourage you to do so and to store it somewhere safe. Even something as simple as a routine update has the potential to go wrong and the only way to recover your data will be to decrypt the drive using this USB.


Previous Next