Encryption

Encryption is a process that takes readable data and scrambles it so that it is unreadable, thereby protecting it from unauthorized access. A cryptographic key decrypts the unreadable data and transforms it back into a readable form. This can only be done with the correct key. Software usually handles this process, and your password often protects the key that performs the encryption behind the scenes.
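The last sentence above describes key wrapping: the password is stretched into a key that locks the real data key. The sketch below is an added example, not code from any product named on this page. It uses only the Python standard library, so a PBKDF2-derived pad plus an HMAC tag stands in for the standard cipher (such as AES) that real tools use for this step. The function names and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this illustration


def _derive(password, salt):
    """Stretch the password into a 32-byte pad and a 32-byte MAC key."""
    out = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return out[:32], out[32:]


def wrap_key(data_key, password):
    """Lock a 32-byte data key under a password; returns the stored 'header'."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt per wrap, so the pad is never reused
    pad, mac_key = _derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(data_key, pad))
    tag = hmac.new(mac_key, wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_key(header, password):
    """Recover the data key, or raise ValueError if the password is wrong."""
    pad, mac_key = _derive(password, header["salt"])
    expected = hmac.new(mac_key, header["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        raise ValueError("wrong password or damaged header")
    return bytes(a ^ b for a, b in zip(header["wrapped"], pad))


def change_password(header, old_password, new_password):
    """Re-wrap the same data key; the encrypted data itself is untouched."""
    return wrap_key(unwrap_key(header, old_password), new_password)


if __name__ == "__main__":
    data_key = os.urandom(32)  # the key that actually encrypts the files
    header = wrap_key(data_key, "first passphrase")
    header = change_password(header, "first passphrase", "second passphrase")
    print(unwrap_key(header, "second passphrase") == data_key)
```

Because only the small header is re-wrapped, changing the password does not require re-encrypting the data, and losing the header or the password makes the data key unrecoverable.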

More on Encryption from the Internet Society

Encrypt Your Communications

Encrypted platforms prevent your communication from being read by third parties. End-to-end encrypted email and messaging services ensure that your messages are not read as they are routed through the Internet. Services that store messages on your device, or with “zero knowledge” at the server level, cannot see your communications because they cannot decrypt them.

Encrypt Your Devices

Windows Encryption

Consumer versions of Windows do not have built-in encryption. This means that if your device falls into the wrong hands, the data can be accessed. Microsoft has encryption software called BitLocker in Professional versions of Windows, but it is not available in Windows Home. There are also concerns about its storage of keys in Microsoft accounts.

In light of this, the best solution is to use the open source VeraCrypt.

Use VeraCrypt

VeraCrypt is freely available open source software. The code is publicly available and can be checked for vulnerabilities. VeraCrypt has undergone a third-party audit and makes available information about legal requests.

Installing VeraCrypt

Note: Before you install VeraCrypt, you should have a temporary backup of your personal files in case anything goes awry. The best way to do this would be to create a VeraCrypt container on an external device such as a USB flash drive or external hard drive.

To install VeraCrypt, you can download and install it from their website. Once you have installed VeraCrypt, you will be ready to use it. If your Windows computer is currently unencrypted, you should set up system encryption. This will encrypt all data on your machine.

Using Containers

Another way to use VeraCrypt is to create containers. These are single files that contain an encrypted file system inside of them. You unlock the file with VeraCrypt and then the file system is mounted, similar to how a USB flash drive would display. Containers are a good way to secure files on USB drives and to encrypt files for transfer.

VeraCrypt Documentation

Mac Encryption

macOS offers a built-in encryption tool called FileVault. FileVault is not enabled by default, which means that you must turn it on. The process is straightforward and outlined in the documentation below.

On a Mac, you may also want to use VeraCrypt containers to encrypt sensitive files for extra protection.

Documentation

Android Encryption

Because of the wide variety of device manufacturers and customizations made to Android, encryption is not always enabled on Android phones. However, encryption can typically be enabled by doing the following when the phone is plugged in and your battery is charged to 80% or higher:

  1. Enter “Settings”
  2. Go to “Security” (may also be called “Security & Location”)
  3. Select “Encryption & Credentials” (may also be called “Encrypt Phone”)
  4. Read the warnings
  5. Wait for your phone to be encrypted

Because of differences in how manufacturers customize Android, the instructions may not match your phone. Additionally, there is a wide range of Android operating systems in use at any given time and features may not exist in some versions.

Documentation

  • File-based Encryption – This is a longer technical document that explains how encryption works in Android

iOS Encryption

iOS devices (iPhone and iPad) are encrypted by default. Apple has famously refused to assist the U.S. government in unlocking devices.

Note: Backups are not encrypted, so it is recommended that you set up encrypted backups.