The security of our equipment, be it portable or desktop, is essential for our data to be safe. The threats a PC faces are varied and come from many different sources. One of the most serious is information theft, especially when we store sensitive data on our hard drives.

Data and information security are always the top concerns for people when extremely sensitive information is stored on a desktop computer or laptop. This is why you should consider adopting Full Disk Encryption (FDE).

What Is Full Disk Encryption?

FDE is one of the most valuable and fundamental techniques to fight data breaches and cybercriminals. A data breach is unauthorized access to private data. FDE is a data protection approach that converts the information on a storage device into a secret format that can only be decrypted and understood by those who have permission to access it.

Hard Drive Encryption vs. File Encryption?

Encryption is essentially the technique of encoding data using a specific algorithm. In the case of disk encryption, this means encrypting the data on your computer's hard drive. Hard drive encryption works by converting the contents of a physical disk from plain text to cipher text, rendering the original data unreadable unless decrypted with a password. This prevents unauthorized users or hackers from gaining access to the data.

Two main encryption types are used for computers: full-disk encryption (FDE) and file-level encryption (FLE).

FDE means you encrypt your whole disk, preventing unauthorized access to your files on the hard drive. FLE, in contrast to FDE, is an encryption mechanism that operates at the file system level, allowing the encryption of data in individual files and directories rather than the entire hard drive. Simply put, if your computer were a house and each room were a folder of documents, FDE would lock the house's front door and windows while FLE would lock each room.

FDE and FLE are not mutually exclusive; they serve different functions, so you can use them together to secure your information completely. The two most popular FDE tools are BitLocker for Windows and FileVault for macOS. These are built-in encryption tools available in all modern versions of Windows and macOS.

Notably, several independent open-source encryption programs that also offer FDE and FLE are available on the market; the most popular are AxCrypt, CryptoExpert, CertainSafe, VeraCrypt, Boxcryptor, and NordLocker.

What Is BitLocker?

BitLocker is Windows' encryption application that allows you to protect your hard drive from possible information theft. This tool was first available when Windows Vista came out, so naturally, it is still available on Windows Server 2008, Windows 7, Windows 8, and Windows 10.

BitLocker encrypts entire volumes, which means that you can encrypt the whole hard drive or just a part of it. It uses the AES encryption algorithm in CBC mode with a 128-bit key. For reference, AES is an encryption scheme considered a standard by the United States government.

For BitLocker to be able to work and therefore be effective, two NTFS partitions are required. Generally, one will be for the operating system and another, with a minimum size of 100 MB, where the boot system will be. This boot volume will remain unencrypted and, therefore, should not be used to store any valuable information.

BitLocker is optimal when used in conjunction with a Trusted Platform Module (TPM), which stores the disk encryption key, which will usually be your regular Windows administrator password. TPM is a secure cryptoprocessor that verifies that the correct device accesses encrypted data.

On current Windows OS versions, disk encryption is heavily based on TPM; however, the encrypted data can also be accessed via a USB startup key.
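
As an added example (not part of the original article and not Microsoft's code): a Python parser for the text printed by `manage-bde -status`, flagging volumes whose protection is off or that have no recovery password protector. The sample output is constructed, and the field and protector names assume the tool's English-language output.

```python
import re
# Constructed sample of `manage-bde -status` output (not from a real machine).
SAMPLE = """\
Volume C: [OSDisk]
[OS Volume]

    Encryption Method:    AES 128
    Protection Status:    Protection On
    Key Protectors:
        TPM
        Numerical Password

Volume D: [Data]
[Data Volume]

    Encryption Method:    None
    Protection Status:    Protection Off
    Key Protectors:       None Found
"""

def parse_status(text):
    """Return {drive letter: {field: value, "Key Protectors": [names]}}."""
    volumes, current, in_protectors = {}, None, False
    for line in text.splitlines():
        header = re.match(r"Volume (\w): ", line)
        field = re.match(r"\s+([A-Za-z ]+):\s*(.*)$", line)
        if header:
            current = volumes.setdefault(header.group(1), {"Key Protectors": []})
            in_protectors = False
        elif current is not None and field:
            name, value = field.group(1).strip(), field.group(2).strip()
            in_protectors = name == "Key Protectors"
            if not in_protectors:
                current[name] = value
        elif current is not None and in_protectors and line.strip():
            current["Key Protectors"].append(line.strip())
    return volumes

def findings(volumes):
    """List (drive, problem) pairs: unprotected volumes, or no recovery password."""
    out = []
    for letter, v in sorted(volumes.items()):
        if v.get("Protection Status") != "Protection On":
            out.append((letter, "protection is off"))
        elif "Numerical Password" not in v["Key Protectors"]:
            out.append((letter, "no recovery password protector"))
    return out

if __name__ == "__main__":
    print(findings(parse_status(SAMPLE)))
```

In the tool's output, "Numerical Password" is the recovery password protector and "External Key" is a key stored on a USB drive.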

What Is FileVault?

FileVault is the name given by Apple to its disk encryption system built into the Macintosh operating system (macOS). FileVault's function is to encrypt the Mac's data storage disk so that no one who gets their hands on that disk can access the data, even if they physically plug it into another computer. It's something that's already done transparently on iPhones, iPods, and iPads, but is entirely optional on Macs.

You can activate FileVault at any time from System Preferences in macOS. If you choose to start it, FileVault will encrypt all the data on your disk, and just like in Windows, it uses the administrator password as the encryption key. If you don't want to have to remember a new password, you can use your Apple ID password as a key.

FileVault is highly recommended for everyone, but at the same time, users should be aware that FileVault is not the best choice if you tend to forget passwords and are forced to recover them frequently.

Encrypting the entire disk of your Mac implies the responsibility of always remembering those passwords, or at least having them written down in one or several safe places, because failing to remember the password will likely mean losing your Mac's data.

What Are the Drawbacks of Full-Disk Encryption?

Even though it seems like common sense to use encryption on hard drives (or, as stated above, lock the house's front door), many organizations and individuals are hesitant to use FDE. There are different reasons for this; the most common is uncertainty about how to start the process or which encryption software to buy. Another significant issue is data recovery if you forget or lose the encryption password.

There is also a significant concern about how FDE will affect the computer's overall performance, but while this might have been an issue in the past, it is not with modern versions of Windows and macOS. You may encounter problems with FDE (like when you forget the password), but you must also consider the risk you put your data and information under if you don't have any encryption.

How to Mitigate the Drawbacks of Full-Disk Encryption

There are still some things you can and should do if you are concerned about FDE; these are:

1. Back up all your files: Make sure you have a secondary location where you store your data and information to ensure that you can recover your most important files in case anything happens to your physical hard drive.

2. Use a strong password: Using a strong password that includes letters and numbers will prevent hackers from using brute force to access your data.

3. Keep your passwords and recovery keys in a safe place: There is nothing wrong with writing down all your passwords, as long as they are kept physically secure and out of sight. Alternatively, you can also use password manager software like LastPass or Dashlane.

Should You Use Full-Disk Encryption?

Full-disk encryption is a powerful data protection method that is relatively easy to implement, contrary to what most people believe. There is no need to purchase any advanced software; BitLocker and FileVault alone can help you set up FDE to store all valuable and sensitive information. For those reasons, you should look into encrypting your data using either FDE or at least FLE, especially if you value your privacy and safety.