access to your container when you
click “OK.”
You’ll see a “Mount Options...”
button; clicking this reveals options
such as opening the volume in
read-only fashion, or assigning it
a specific drive label in Windows.
If your volume contains a further
hidden volume, be sure to check
“Protect hidden volume against
damage caused by writing to outer
volume” to safeguard its contents.
After clicking “OK,” wait while the
volume is mounted—you should see
your encrypted container appear
in the main VeraCrypt window. It
can now be accessed like any other
drive—copy or save files directly
into here to ensure they’re protected
going forward. When you’ve finished
with the drive, right-click its entry in
the VeraCrypt window, and choose
“Dismount” to lock it away from
prying eyes.
Encrypt your Windows installation
VeraCrypt can also be used to
encrypt your entire Windows
installation. All files remain
encrypted on your disk even in use—
they’re simply decrypted on demand
to allow Windows and your apps to
run normally without exposing the
data to potential problems, such as
sudden power loss.
This form of encryption is
particularly suited for those who
carry sensitive information with
them—typically on a laptop. Take
a drive image backup before you
begin, then launch VeraCrypt and
choose “Create Volume > Encrypt
the system partition or entire
system drive.” Again, standard and
hidden options are available (click
“More information” if you like the
idea of hiding your OS from view—
it’s a long, detailed subject, and
involves creating a “decoy” OS).
Assuming you simply want to
encrypt the drive, leave “Normal”
selected and click “Next.” You can
opt to simply encrypt the Windows
partition, or the entire drive (so
all partitions on the primary hard
drive). If in doubt, encrypt the
system partition only—you may
get a warning when attempting
to encrypt the entire drive about
losing access if it has a so-called
“inappropriately designed” BIOS.
The next step informs VeraCrypt
whether you have a single-boot or
multiboot system, and then it’s a
similar process as for creating an
encrypted virtual drive. One caveat:
You can only protect your system
drive with a strong password; key
files aren’t supported. You also
need to create rescue media—don’t
skip this step, because it’s required
to both permanently decrypt
your drive and provide protection
against corruption.
Different media is required
depending on whether your boot
mode is EFI (USB flash drive) or
MBR (CD/DVD)—just follow the
prompts to create and verify the
media. The recovery media is tied
to your specific PC and the current
password you’ve assigned to your
b o o t d r i v e. I f y o u m a ke a n y h a r d w a r e
changes, you need to recreate it.
You next see the “Wipe Mode”
screen, which enables you to
securely overwrite the unencrypted
copies of your files after they’ve
been encrypted—the more
passes, the slower the process, so
unless you have reason to be truly
paranoid, none or just “1-pass”
should be sufficient.Test and encrypt
You’re now ready for the drive to be
encrypted—first, a pretest is run to
verify everything works as it shoulddo. Your PC reboots, and you’re
prompted to enter the password
you just set up. When prompted for
the PIM, just press Enter unless you
manually specified this value. Wait
for the password to be verified—
then Windows boots as normal.
If the test passes, click the
“Encrypt” button and VeraCrypt
starts to encrypt your drive’s
contents (a “Defer” button is also
present if you wish to back up data
first—you’re then prompted again
the next time Windows is restarted).
Unlike with encrypting non-system
volumes, you can carry on using
your PC while the drive is encrypted.
Once complete, your computer’s
contents are protected against theft
and other threats, ensuring any
data stored on the drive is secure.Encrypt entire drives
VeraCrypt can also be used to
encrypt other drives and partitions,
from internal data drives to
USB thumb drives. As with all
major operations, we strongly
recommend you first take a full
image of your hard drive before
starting the process—just in case.
Once the drive is safely encrypted,
you can safely delete this backup.
However, if you plan to keep the
backup, check out the box on
page 41 about encrypting backups.
The creation process is similar
to setting up virtual drives. Start by
selecting “Encrypt a non-system
partition/drive” on the first page
of the wizard. Choose whether the
volume will be a standard one or
hidden, then click “Next.” Click
“Select Device...” to choose your
target drive or partition.
The next step is crucial—you
have a choice between “CreateAfter setting
up, mount your
encrypted drives
for access.You need
to balance
security
versus
performance
when picking
an algorithm.maximumpc.com MAR 2020 MAXIMUMPC 39