BitLocker disk encryption: protecting data on an external HDD or a fully encrypted hard drive in Windows


An external hard drive is a popular modern device that lets you expand your computer's storage without opening the system unit. Modern external hard drives fit into any handbag, so you can always have large amounts of data at hand. If you store confidential information on such a drive, the best way to protect it is to set a password.
A password is a universal means of protecting information: a key that can consist of any number of letters, digits and symbols. If the password is entered incorrectly, the data stored on the external hard drive cannot be accessed.

How to set a password on an external hard drive?

We have already covered this on our website before, including the question of choosing the correct one. Below we explain how to set a password on this device.

Setting a password using built-in Windows tools

This method works equally well for regular USB flash drives and for external hard drives with large amounts of disk space. Its main advantage is that you do not need to download and install any third-party programs.

Connect the external HDD to your computer and open Windows Explorer. We are interested in the "This PC" section, which lists all drives connected to the computer. Right-click the external hard drive and choose "Turn on BitLocker" in the context menu that appears.

The utility will launch. After a moment a window appears in which you need to check "Use a password to unlock the drive" and enter the new password twice in the fields below. Click "Next".

Next, you will be asked how to save a special recovery key. There are three options: save it to your Microsoft account, save it to a file on your computer, or print it immediately. In our opinion the second option is preferable, since you can upload that file, for example, to the cloud and use it at any time if you forget the password for the external hard drive.

The next step asks you to configure data encryption: you can encrypt only the used disk space or the entire disk.

Please note that if you choose to encrypt the entire disk, be prepared for the encryption process to take many hours. Therefore, if you do not have much time, we recommend choosing the first encryption option.

The final setup step is to select one of two encryption modes: the new encryption mode or compatibility mode. Since we are working with an external hard drive, select "Compatibility mode" and continue.

This completes the BitLocker setup. To start the encryption process, click "Start encryption" and wait for it to finish.
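The same wizard steps (password protector, recovery key saved to a file, used-space-only or full encryption, compatibility or new mode) can be scripted from PowerShell. This is an added example, not code from the original article; it assumes an elevated session on Windows 10 or later with the BitLocker module, that the external drive is E:, and that the recovery key folder is on a different, internal drive (both are placeholders).

```powershell
#Requires -RunAsAdministrator
#Requires -Modules BitLocker
# Added example, not from the original article. Placeholders: the external
# drive is E:, the recovery key folder is on an internal drive.

function Protect-ExternalDrive {
    param(
        [Parameter(Mandatory)] [string] $MountPoint,         # e.g. 'E:'
        [Parameter(Mandatory)] [string] $RecoveryKeyFolder,  # must NOT be on the drive being encrypted
        # 'Compatible' = AES-CBC, readable on older Windows versions (the article's
        # choice for external drives); 'New' = XTS-AES, Windows 10 1511 and later only.
        [ValidateSet('Compatible', 'New')] [string] $Mode = 'Compatible',
        # Default encrypts used space only (fast on a new drive); use -FullDisk for a
        # drive that already held data, so remnants of deleted files are covered too.
        [switch] $FullDisk
    )

    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    if ($vol.VolumeStatus -ne 'FullyDecrypted') {
        throw "$MountPoint is already '$($vol.VolumeStatus)'; nothing to do."
    }
    if ($RecoveryKeyFolder.TrimEnd('\') -like "$($MountPoint.TrimEnd('\'))*") {
        throw 'The recovery key must not be stored on the drive it unlocks.'
    }

    # Ask for the password twice, as the wizard does, and refuse a mismatch.
    $pw  = Read-Host -AsSecureString "Password to unlock $MountPoint"
    $pw2 = Read-Host -AsSecureString 'Repeat the password'
    $plain1 = [System.Net.NetworkCredential]::new('', $pw).Password
    $plain2 = [System.Net.NetworkCredential]::new('', $pw2).Password
    if ($plain1 -cne $plain2) { throw 'The two passwords do not match.' }
    $plain1 = $plain2 = $null

    $method = if ($Mode -eq 'Compatible') { 'Aes256' } else { 'XtsAes256' }
    $enable = @{
        MountPoint        = $MountPoint
        EncryptionMethod  = $method
        PasswordProtector = $true
        Password          = $pw
        UsedSpaceOnly     = (-not $FullDisk)
    }
    Enable-BitLocker @enable | Out-Null

    # Second protector: the 48-digit recovery password. Write it to a text file,
    # like the wizard's "Save to a file" option, named after its protector ID.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
          Where-Object KeyProtectorType -eq 'RecoveryPassword'
    $file = Join-Path $RecoveryKeyFolder "BitLocker Recovery Key $($rp.KeyProtectorId.Trim('{}')).txt"
    @(
        'BitLocker Drive Encryption recovery key'
        "Drive: $MountPoint   Identifier: $($rp.KeyProtectorId)"
        "Recovery Key: $($rp.RecoveryPassword)"
    ) | Set-Content -Path $file -Encoding UTF8

    # Encryption runs in the background; poll until the volume is fully encrypted.
    do {
        Start-Sleep -Seconds 5
        $vol = Get-BitLockerVolume -MountPoint $MountPoint
        Write-Progress -Activity "Encrypting $MountPoint" -PercentComplete $vol.EncryptionPercentage
    } while ($vol.VolumeStatus -eq 'EncryptionInProgress')

    [pscustomobject]@{
        MountPoint       = $MountPoint
        VolumeStatus     = $vol.VolumeStatus      # FullyEncrypted when done
        ProtectionStatus = $vol.ProtectionStatus  # On = the lock icon in Explorer is active
        LockStatus       = $vol.LockStatus        # Unlocked now; Locked after the drive is reconnected
        Protectors       = ($vol.KeyProtector.KeyProtectorType -join ', ')
        RecoveryKeyFile  = $file
    }
}

# Example call (placeholders):
# Protect-ExternalDrive -MountPoint 'E:' -RecoveryKeyFolder 'C:\Users\Me\Documents' -Mode Compatible
```

After the drive is reconnected, `Unlock-BitLocker -MountPoint 'E:' -Password (Read-Host -AsSecureString)` is the command-line equivalent of the password prompt, and `Get-BitLockerVolume` shows whether it is Locked or Unlocked.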


If you open the "This PC" section of Windows Explorer after encryption completes, the external hard drive will be shown with a lock icon. An open lock means access to the data has been granted; a closed lock, as in the screenshot below, means a password is required.

Double-click the drive and a small window appears asking for the password of the connected external hard drive.

Setting a password using archiving

Many users do not trust the disk encryption process because it blocks access to the entire drive. Therefore we will use this method in a slightly different way: we will place the information stored on the external hard drive into an archive without compression. The external hard drive itself can then be used without a password, but accessing the information stored in the archive will require a security key.

To set a password using archiving, you need almost any archiver program. In our case we use the popular WinRAR, which you can download from the link given at the end of the article.

Once the archiver is installed on your computer, open the contents of the external hard drive and select everything with Ctrl + A, or select only certain folders and files if you do not need to password-protect all the information on the drive. Then right-click the selection and choose "Add to archive" in the context menu that appears.

In the window that appears, set "Compression method" to "Without compression" and click "Set password".

In the next window, enter a password of any length twice. Below, if necessary, you can additionally enable encryption of the archive's contents listing (without this option, the names of folders and files remain visible, although access to them is restricted).

When the archive has been created, the root folder of the hard drive will contain the new archive alongside the original files. The files on the disk, other than the archive, can now be deleted.

When you try to open the archive, a window asks for the password. Until the correct archive password is entered, access to the information is restricted.

What's the result?

The most effective method for storing confidential information is the standard BitLocker tool. It is an excellent utility to which it is hard to find an analogue of superior quality. The second method, which uses an archiver, can be considered the most preferable, since it does not restrict access to the external hard drive as a whole, but only to the information you want to password-protect.

Of course, there are many other encryption programs, but we did not cover them, since the two methods described in this article are the most suitable for most users.

Read how to protect your hard drive or external drive from unauthorized access by encrypting it, and how to set up and use the built-in Windows feature, BitLocker encryption. The operating system allows you to encrypt local disks and removable devices with the built-in BitLocker encryption. When the TrueCrypt team unexpectedly shut down the project, they recommended that their users switch to BitLocker.



How to enable Bitlocker

BitLocker Drive Encryption and BitLocker To Go require the Professional or Enterprise edition of Windows 8, 8.1 or 10, or the Ultimate edition of Windows 7. The "core" edition of Windows 8.1, however, includes the "Device Encryption" feature for accessing encrypted devices.

To enable BitLocker, open Control Panel and go to System and Security - BitLocker Drive Encryption. You can also open Windows Explorer, right-click the drive and select Turn on BitLocker. If this option is not in the menu, you have an unsupported edition of Windows.


Click the Turn on BitLocker option next to the system disk, any logical partition or removable device to enable encryption. Dynamic disks cannot be encrypted with BitLocker.

There are two types of BitLocker encryption to enable:

  • For a logical partition. Allows you to encrypt any internal disk, system or not. When you turn on the computer, the bootloader starts Windows from the System Reserved partition and offers an unlock method, for example a password. BitLocker then decrypts the drive and starts Windows. Encryption and decryption happen on the fly, and you use the system just as you did before enabling encryption. You can also encrypt drives other than the operating system drive; a password will be requested the first time you access such a disk.
  • For external devices. External storage devices such as USB flash drives and external hard drives can be encrypted with BitLocker To Go. You will be asked for the unlock password when you connect the drive to your computer. Users who do not know the password cannot access the files on the disk.

Using BitLocker without TPM

If your computer does not have a Trusted Platform Module (TPM), then when you enable BitLocker you will see the message:

"This device cannot use the Trusted Platform Module (TPM). The administrator must set the "Allow BitLocker without a compatible TPM" setting in the policy "Require additional authentication at startup" for OS volumes."


By default, BitLocker drive encryption requires a TPM on the computer to protect the operating system drive. The TPM is a microchip embedded in the computer's motherboard. BitLocker can store the encryption key in the TPM, which is much more secure than storing it on the computer's hard drive: the TPM chip releases the key only after verifying the computer's state. An attacker therefore cannot simply remove the hard drive, or image the encrypted drive, and decrypt it on another computer.

To enable disk encryption without a TPM you need administrator rights: open the Local Group Policy Editor and change the required setting.

Press Windows key + R to open the Run dialog, type gpedit.msc and press Enter. Go to Local Computer Policy - Computer Configuration - Administrative Templates - Windows Components - BitLocker Drive Encryption - Operating System Drives. Double-click "Require additional authentication at startup". Set it to Enabled, make sure the "Allow BitLocker without a compatible TPM" checkbox is checked, then click OK to save.


Select unlock method

Next, you need to specify how the disk will be unlocked at startup; several methods are available. If your computer does not have a TPM, you can unlock the drive by entering a password or by inserting a special USB flash drive that acts as a key.

If your computer is equipped with a TPM, additional options are available. For example, you can set up automatic unlocking at boot: the computer obtains the key from the TPM and decrypts the disk automatically. To increase the level of security, you can require a PIN code at boot. The PIN is used to protect the key that unlocks the disk, which is stored in the TPM.

Select your preferred unlock method and follow the instructions for further setup.
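The TPM check, the "Allow BitLocker without a compatible TPM" policy, and the choice of unlock method described in the last two sections, as an added PowerShell example that is not code from the original article. It assumes an elevated session, that the operating system drive is C:, and that the policy is applied by writing the same registry values that gpedit.msc writes (a reasonable assumption, but the Local Group Policy Editor will still show the setting as "Not configured").

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. Placeholder: OS drive is C:.
# The protector is only added when -Apply is given; without it the function
# just reports what would be done.

$FvePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-BitLockerStartupPolicy {
    # $true when an OS drive may be protected by a password or startup key alone.
    $p = Get-ItemProperty -Path $FvePolicy -ErrorAction SilentlyContinue
    [bool]($p.UseAdvancedStartup -eq 1 -and $p.EnableBDEWithNoTPM -eq 1)
}

function Set-BitLockerStartupPolicy {
    # Equivalent of "Require additional authentication at startup" = Enabled with
    # "Allow BitLocker without a compatible TPM" checked. The remaining values keep
    # the policy's defaults (2 = Allow) so TPM machines can still use TPM, TPM+PIN,
    # TPM+startup key or TPM+PIN+startup key.
    if (-not (Test-Path $FvePolicy)) { New-Item -Path $FvePolicy -Force | Out-Null }
    $values = @{
        UseAdvancedStartup = 1
        EnableBDEWithNoTPM = 1
        UseTPM             = 2
        UseTPMPIN          = 2
        UseTPMKey          = 2
        UseTPMKeyPIN       = 2
    }
    foreach ($name in $values.Keys) {
        Set-ItemProperty -Path $FvePolicy -Name $name -Value $values[$name] -Type DWord
    }
}

function Get-TpmState {
    # Get-Tpm comes with the TrustedPlatformModule module (Windows 8 and later).
    try { $t = Get-Tpm -ErrorAction Stop } catch { return 'Absent' }
    if (-not $t.TpmPresent) { 'Absent' } elseif ($t.TpmReady) { 'Ready' } else { 'NotReady' }
}

function Select-OsDriveUnlockMethod {
    param([string] $MountPoint = 'C:', [switch] $RequirePin, [switch] $Apply)

    $tpm = Get-TpmState
    if ($tpm -eq 'Ready') {
        if ($RequirePin) {
            # TPM + PIN: the PIN is required at every boot, the article's option
            # for a higher level of security.
            $pin = Read-Host -AsSecureString 'Choose a startup PIN'
            $protector = @{ TpmAndPinProtector = $true; Pin = $pin }
            $method = 'TPM + PIN'
        } else {
            # Automatic unlock: the TPM releases the key after checking boot state.
            $protector = @{ TpmProtector = $true }
            $method = 'TPM (automatic unlock)'
        }
    } else {
        # No usable TPM: a password protector on the OS drive needs the policy
        # above, otherwise the wizard shows the "cannot use the TPM" message.
        if (-not (Get-BitLockerStartupPolicy)) { Set-BitLockerStartupPolicy }
        $pw = Read-Host -AsSecureString 'Choose the startup password'
        $protector = @{ PasswordProtector = $true; Password = $pw }
        $method = 'Password (no TPM)'
    }

    if ($Apply) {
        # Without -SkipHardwareTest, BitLocker runs the system check and starts
        # encrypting after the next restart, as the article describes.
        Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 @protector | Out-Null
    }
    [pscustomobject]@{
        Tpm               = $tpm
        UnlockMethod      = $method
        PolicyAllowsNoTpm = (Get-BitLockerStartupPolicy)
        Applied           = [bool] $Apply
    }
}

# Example (placeholders): report only, then apply with a PIN on a TPM machine.
# Select-OsDriveUnlockMethod
# Select-OsDriveUnlockMethod -RequirePin -Apply
```

A recovery password protector should be added afterwards, as the next section describes, so that a lost PIN or password does not mean a lost drive.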


Save the recovery key in a safe place

BitLocker will give you a recovery key before encrypting the drive. This key unlocks the encrypted drive if you lose your password or the USB flash drive used as a key, if the TPM stops functioning, and so on.

You can save the key to a file, print it and store it with important documents, save it to a USB flash drive, or upload it to your Microsoft online account. If you save the recovery key to your Microsoft account, you can access it later at https://onedrive.live.com/recoverykey. Make sure the key is stored securely: anyone who gains access to it can decrypt the drive and read your files. It makes sense to keep several copies of this key in different places, because if you do not have the key and something happens to your main unlock method, your encrypted files are lost forever.

Decryption and unlocking of the disk

Once enabled, BitLocker automatically encrypts new files as they are added or changed, but you can choose what to do with files that are already on the drive: encrypt only the currently used space or the entire disk. Encrypting the entire disk takes longer, but also protects against recovery of the contents of deleted files. If you are setting up BitLocker on a new computer, encrypt only used disk space, as it is faster. If you are setting up BitLocker on a computer you have used before, use full-drive encryption.


You will be prompted to run a BitLocker system check and restart your computer. On the first boot after that, the drive starts being encrypted. A BitLocker icon appears in the system tray; click it to see the progress. You can use the computer while the disk is being encrypted, but it will be slower.

After you restart your computer, you will see a prompt to enter your BitLocker password, PIN code, or a prompt to insert a USB key.

Press Escape if you cannot unlock the drive; you will then be asked for the recovery key.

If you choose to encrypt your removable drive with BitLocker To Go, you'll see a similar wizard, but your drive will be encrypted without requiring a system reboot. Do not disconnect the removable device during the encryption process.

When you connect an encrypted flash drive or external drive to your computer, you will be required to enter a password to unlock it. BitLocker-protected drives have a special icon in Windows Explorer.

You can manage protected drives in the BitLocker Control Panel window: change the password, turn off BitLocker, back up the recovery key, and more. Right-click the encrypted drive and select Enable BitLocker to go to the Control Panel.


Like any encryption, BitLocker consumes additional system resources. Microsoft's official help for BitLocker says the following. If you work with important documents and need encryption, this is a reasonable trade-off with performance.

Below is an overview of the most popular hardware and software for encrypting data on an external hard drive.

Let's start with the simplest. Mac OS X has a built-in Disk Utility that allows you to create an encrypted disk image. You can also use third-party software to encrypt files or folders, such as Espionage, FileWard, StuffIt Deluxe. In addition, some backup applications offer encryption of backups out of the box.

These methods are good, but sometimes software encryption is not the best option. For example, when you need to encrypt Time Machine backups, protecting them requires some tricky manipulation, because Time Machine does not support encryption. Conventional software also will not help when you need to create an encrypted copy of a boot disk that remains bootable. Encrypted disk images have another limitation: they cannot be used on other computers (Mac or PC) without special software.

PGP Whole Disk Encryption for the Mac is one of the applications that can encrypt the contents of a disk that remains bootable and usable on Mac and PC. It is a great application, but to access the information, PGP must be installed on every computer the drive is connected to. Also, if the disk is damaged, the encryption may prevent data recovery.

If you need a universal solution that does not restrict how the disk is used, you should buy an HDD with built-in encryption. The disk encrypts and decrypts data itself, so no additional software is needed, and it can be used as a boot volume or for Time Machine. One caveat: if the drive's controller or other electronics fail, you will not be able to retrieve data from the device (even with fully working mechanics) until the HDD is fully repaired.

Encryption-enabled hard drives come in several types, depending on the decryption mechanism:

Hardware keys

Some manufacturers offer encrypting HDD enclosures that are locked with a physical device. As long as the key is present (connected to or near the disk), the disk can be read.

HDDs of this type: RadTech's Encrypted Impact Enclosures ($95), RocStor Rocbit FXKT drives and several devices from SecureDISK ($50+). All enclosures come with two or three compatible keys, which are connected to a special port on the device. SecureDISK offers the RFID Security External Enclosure with an infrared key (the key must be nearby to use the drive).

Fingerprint scanners

If you are worried about losing a physical key, look at HDD enclosures with a fingerprint scanner. A few examples: MXI Security Outbacker MXI Bio ($419-$599) and LaCie SAFE hard drives ($400 for a 2GB model). (Some older LaCie 2.5″ enclosures do not encrypt data but use a less reliable lock in the firmware.) These drives are easy to use and can store the fingerprints of up to five people. Note that there are several techniques for fooling a fingerprint scanner without the original finger.

Keyboard

($230-480) – encrypting disk enclosures that require neither physical keys nor biometric readers. Instead, a keypad is used to enter a password (up to 18 characters). Using a keypad instead of a physical key is convenient when the disk often changes hands. These drives support a "self-destruct" feature that erases all stored information after several unsuccessful password attempts.

This is the fourth of five articles on our blog dedicated to VeraCrypt. It examines in detail, with step-by-step instructions, how to use VeraCrypt to encrypt a system partition or an entire disk with the Windows operating system installed.

If you want to encrypt a non-system hard drive, individual files or an entire USB flash drive, or want to learn more about VeraCrypt, take a look at these links:

This type of encryption is the most secure, since absolutely all files, including temporary files, the hibernation file (sleep mode), the swap file and others, are always encrypted (even in the event of an unexpected power outage). The operating system logs and registry, which store a lot of important data, are encrypted as well.

System encryption works through authentication before the system boots. Before your Windows starts booting, you will have to enter a password that will decrypt the system partition of the disk containing all the operating system files.

This functionality is implemented by the VeraCrypt bootloader, which replaces the standard system bootloader. If the hard disk sector holding the bootloader, and therefore the bootloader itself, is damaged, the system can be booted using the VeraCrypt Rescue Disk.

Please note that the system partition is encrypted on the fly while the operating system is running. While the process is ongoing, you can use the computer as usual. The above is also true for decryption.

List of operating systems for which system disk encryption is supported:

  • Windows 10
  • Windows 8 and 8.1
  • Windows 7
  • Windows Vista (SP1 or later)
  • Windows XP
  • Windows Server 2012
  • Windows Server 2008 and Windows Server 2008 R2 (64-bit)
  • Windows Server 2003

In our case, we encrypt a computer with Windows 10 and a single disk C:\

Step 1 - Encrypt the system partition


Launch VeraCrypt, go to the System menu in the main program window and select the first item, Encrypt system partition/drive.

Step 2 – Selecting Encryption Type


Leave the default type Normal. If you want to create a hidden partition or a hidden OS, see the dedicated additional features of VeraCrypt. Click Next.

Step 3 – Encryption Area




In our case, it makes no real difference whether we encrypt the entire disk or just the system partition, since we have only one partition on the disk and it occupies all the space. Your physical disk may be divided into several partitions, for example C:\ and D:\. If so, and you want to encrypt both partitions, choose Encrypt the whole drive.

Please note that if you have several physical disks installed, you will have to encrypt each of them separately: the disk with the system partition using these instructions; how to encrypt a data disk is described separately.

Select whether you want to encrypt the entire disk or just the system partition and click the button Next.

Step 4 – Encrypt Hidden Partitions



Select Yes if your device has hidden partitions with computer manufacturer utilities and you want to encrypt them; this is usually not necessary.

Step 5 – Number of Operating Systems



We will not cover the case when several operating systems are installed on the computer. Make your selection and click Next.

Step 6 – Encryption Settings



Choose the encryption and hash algorithms. If you are not sure what to choose, leave the default values AES and SHA-512 as the strongest option.

Step 7 - Password



This is an important step: here you create the strong password that will be used to access the encrypted system. We recommend that you carefully read the developers' recommendations in the Volume Creation Wizard window on how to choose a good password.

Step 8 – Collecting Random Data


This step generates the encryption key based on the password entered earlier; the longer you move the mouse, the stronger the resulting keys. Move the mouse randomly at least until the indicator turns green, then click Next.

Step 9 - Generated Keys



This step informs you that the encryption keys, salt and other parameters have been successfully created. It is an information step; click Next.

Step 10 – Recovery Disk



Specify the path where the ISO image of the rescue disk will be saved. You may need this image if the VeraCrypt bootloader is damaged; you will still have to enter the correct password.


Save the rescue disk image to removable media (for example a flash drive) or burn it to an optical disc (recommended), then click Next.

Step 11 - The recovery disk is created



Note! Each encrypted system partition requires its own rescue disk. Be sure to create it and store it on removable media. Do not store the rescue disk on the same encrypted system drive.

Only the rescue disk can help you decrypt the data in case of technical failures and hardware problems.

Step 12 – Clearing Free Space



Wiping free space permanently removes previously deleted data from the disk, which could otherwise be recovered with special techniques (this is especially important for traditional magnetic hard drives).

If you are encrypting an SSD drive, select 1 or 3 passes; for magnetic disks we recommend 7 or 35 passes.

Please note that this operation increases the overall disk encryption time, so skip it if the disk did not contain important deleted data.

Do not choose 7 or 35 passes for SSD drives: magnetic force microscopy does not apply to SSDs, and 1 pass is enough.

Step 13 – System Encryption Test



Perform the system encryption pre-test and note the message that the VeraCrypt bootloader interface is entirely in English.

Step 14 – What to do if Windows does not boot



Read, or better yet print out, the recommendations on what to do if Windows does not boot after the reboot (this happens).

Click OK if you have read and understood the message.

Recently, laptops have become very popular due to their affordable price and high performance, and users often use them outside secured premises or leave them unattended. This makes the question of keeping personal information on Windows systems away from outsiders extremely pressing. Simply setting a login password will not help here, and encrypting individual files and folders (read about that separately) is too routine a task. Therefore, the most convenient and reliable means is hard drive encryption. You can encrypt only one of the partitions and keep private files and programs on it. Moreover, such a partition can be hidden by not assigning it a drive letter: it will outwardly appear unformatted and will not attract the attention of attackers, which is especially effective, since the best way to protect secret information is to hide the very fact of its existence.

How hard drive encryption works

The general principle is this: the encryption program creates a file system image and places all of it in a container whose contents are encrypted. The container can be either a plain file or a partition on a disk device. An encrypted container file is convenient because it can be copied to any convenient location and used there, which suits small amounts of information. But if the container is several tens of gigabytes in size, its mobility becomes very doubtful, and a file that large reveals that it contains something useful. Therefore, a more universal approach is to encrypt an entire partition on the hard drive.

There are many programs for this purpose, but the most famous and reliable is considered to be TrueCrypt. Since the program is open source, there are no vendor-specific backdoors that allow access to encrypted data through an undocumented path. Unfortunately, there are speculations that the creators of TrueCrypt were forced to abandon further development and pass the baton to their proprietary counterparts. However, the latest reliable version, 7.1a, remains fully functional on all versions of Windows, and most users use this version.

Attention! The latest working version is 7.1a (download link). Do not use the "cut-down" version 7.2 (the project was closed; the program's official website suggests switching from TrueCrypt to BitLocker, and only version 7.2 is available there).

Creating an encrypted disk

Let's consider the standard approach to encrypting partitions. For this we need an unused partition on your hard drive or flash drive; you can free up one of the logical drives for this purpose. If there is no free partition, then while creating the encrypted disk you can choose to encrypt the partition without formatting and keep the existing data, but this takes longer and carries a small risk of losing data if the computer freezes during encryption.

Once the required partition on the disk device is prepared, launch TrueCrypt and select the "Create new volume" menu item.

Since we want to store data in a disk partition rather than a container file, select the "Encrypt non-system partition/disk" option and the standard volume type.

At this stage the choice mentioned above appears: encrypt the data in place or format the partition without keeping the information.

After this, the program asks which algorithms to use for encryption. For home use there is no big difference: you can choose any of the algorithms or a combination of them.

Bear in mind, however, that a combination of several algorithms requires more computing resources when working with the encrypted disk, and the read and write speed drops accordingly. If your computer is not powerful, it makes sense to click the test button to select the optimal algorithm for it.

The next step is the actual process of formatting the encrypted volume.

Now all you have to do is wait until the program finishes encrypting your hard drive.

Note that at the password stage you can set a key file as additional protection. Access to the encrypted information is then possible only with this key file. If the file is stored on another computer on the local network, then if you lose a laptop with an encrypted disk or a flash drive, nobody can access the secret data even if they guess the password, since the key file is neither on the laptop nor on the flash drive.

Hiding an encrypted partition

As already mentioned, the advantage of an encrypted partition is that the operating system shows it as unused and unformatted, with no indication that it contains encrypted information. The only way to find out is to use special cryptanalysis programs, which can conclude from the high degree of randomness of the bit sequences that the partition contains encrypted data. But unless you are a potential target of the intelligence services, you are unlikely to face such a threat.

For additional protection from ordinary people, it makes sense to hide the encrypted partition from the list of drive letters. Accessing the disk directly by its letter gives nothing anyway and is only needed if the encryption is removed by formatting. To remove the letter, go to Control Panel - Computer Management / Disk Management, right-click the partition and choose "Change drive letter and paths...", where you can remove the binding.

After this, the encrypted partition is no longer visible in Windows Explorer and other file managers. One nameless, "unformatted" partition among several system partitions is unlikely to arouse the interest of outsiders.

Using an encrypted drive

To use an encrypted device as a regular drive, you need to mount it. In the main program window, right-click one of the available drive letters and select the menu item "Select device and mount...".

Then select the previously encrypted device and enter the password.

As a result, Windows Explorer should show a new disk with the selected letter (in our case, drive X).

Now you can work with this disk like any ordinary logical disk. The main thing is, after finishing work, not to forget to either turn off the computer, close TrueCrypt, or dismount the encrypted partition: as long as the disk is mounted, any user can access the data on it. You can dismount the partition by clicking the "Dismount" button.
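The hide, mount, work and dismount routine from the last two sections as an added PowerShell example (not code from the original article or from the TrueCrypt project), using the TrueCrypt command-line switches so that the volume is always dismounted when the work finishes. Assumed placeholders: TrueCrypt 7.1a in its default folder, the encrypted partition is partition 2 of disk 1, the mount letter is X, and an optional key file path; the password is never passed on the command line, TrueCrypt asks for it in its own dialog.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article. Placeholders: TrueCrypt path,
# disk 1 / partition 2, mount letter X, optional key file.

$TrueCrypt = 'C:\Program Files\TrueCrypt\TrueCrypt.exe'

function Hide-EncryptedPartition {
    # Removes the drive letter Windows gave the raw (apparently unformatted)
    # partition, the same as "Change drive letter and paths..." in Disk Management.
    # Returns the device path TrueCrypt uses to address the partition.
    param([Parameter(Mandatory)] [int] $DiskNumber, [Parameter(Mandatory)] [int] $PartitionNumber)
    $part = Get-Partition -DiskNumber $DiskNumber -PartitionNumber $PartitionNumber -ErrorAction Stop
    if ("$($part.DriveLetter)" -match '^[A-Za-z]$') {
        Remove-PartitionAccessPath -DiskNumber $DiskNumber -PartitionNumber $PartitionNumber `
                                   -AccessPath "$($part.DriveLetter):\"
    }
    "\Device\Harddisk$DiskNumber\Partition$PartitionNumber"
}

function Use-EncryptedVolume {
    # Mounts the volume, runs the supplied work, and always dismounts afterwards so
    # the decrypted view never stays available to whoever next uses the computer.
    param(
        [Parameter(Mandatory)] [string] $DevicePath,   # e.g. \Device\Harddisk1\Partition2
        [char] $Letter = 'X',
        [string] $KeyFile,                             # optional key file (second factor)
        [Parameter(Mandatory)] [scriptblock] $Work     # receives the mounted root, e.g. X:\
    )
    $root = "${Letter}:\"
    if (Test-Path $root) { throw "Drive letter $Letter is already in use." }

    # /v volume, /l letter, /k keyfile, /q perform the action and exit.
    # No /p switch: TrueCrypt shows its password prompt instead.
    $mountArgs = @('/v', $DevicePath, '/l', "$Letter", '/q')
    if ($KeyFile) { $mountArgs += @('/k', "`"$KeyFile`"") }
    Start-Process -FilePath $TrueCrypt -ArgumentList $mountArgs -Wait
    if (-not (Test-Path $root)) {
        throw "Mount of $DevicePath as $root failed or was cancelled."
    }

    try {
        & $Work $root
    } finally {
        # /d X dismounts only this volume (a bare /d would dismount all of them);
        # /f forces it even if a program still has a file open on the volume.
        Start-Process -FilePath $TrueCrypt -ArgumentList @('/d', "$Letter", '/f', '/q') -Wait
        if (Test-Path $root) { Write-Warning "$root is still mounted; dismount it manually." }
    }
}

# Example (placeholders): hide the partition once, then work on it and dismount.
# $dev = Hide-EncryptedPartition -DiskNumber 1 -PartitionNumber 2
# Use-EncryptedVolume -DevicePath $dev -Letter X -Work { param($root) Get-ChildItem $root }
```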

Results

Using TrueCrypt lets you encrypt your hard drive and thereby hide your private files from strangers if someone gains access to your flash drive or hard drive. Placing the encrypted information on an unused, hidden partition adds another level of protection, since the uninitiated may not realize that secret information is stored on one of the partitions. This method of protecting private data is suitable in the vast majority of cases. Only if you face the threat of violence to obtain your password may you need more sophisticated methods, such as steganography and hidden TrueCrypt volumes (with two passwords).
