Before the articles…
This week’s articles cover a common request — securing the data on an external drive — a strong recommendation — turning on two-factor for your Google account — and a continuation of a series on backing with with Windows 10’s built in tools — turning on File history.
If you visit Ask Leo! in the coming days you may notice tool-tips containing glossary definitions for certain highlighted words. We’re in the process of merging the separate glossary website into Ask Leo! main to be more useful. If you have a term you’d like to see defined, let me know — just reply to this email.
The glossary merge is the first step in a “summer of change” at Ask Leo! that will unify several separate sites. This’ll make it easier for me to provide more value, and at the same time reduce some of the multiple-login confusion. Stay tuned!
BitLocker is one solution, and it’s much more than “just” password protecting the drive.
What you’re really looking for is encryption.
A password alone is not enough
The reason you’re looking for encryption is that a password by itself isn’t enough.
For example, let’s say you somehow attach a password to a drive1. Now someone steals your computer, or gains access to that computer using some other operating system or technology that simply ignores the password requirement. Or perhaps they perform some kind of forensic data recovery on the drive. Either way, they can bypass the password and access your files.
That’s not much protection.
What you want instead is that the data you care about — everything on the drive, in your example — be encrypted, so regardless of how it might be accessed, the data is inaccessible without your password.
Approach #1: BitLocker
Included in Windows 7 and later, in all editions except “Home” or “Starter”, BitLocker is a whole-drive encryption technology that can be used on external or internal drives.
Windows will encrypt the drive for you, and require the password you set to access that drive’s contents in the future. (When given the opportunity to save a recovery key, do so. That way, even if you forget the password, you’ll be able to regain access. Without the password or recovery key, the data is completely inaccessible.)
This is the kind of protection you’re looking for.
The only real “problem” that remains is that your drive can only be used with Windows, and with Windows editions that support BitLocker. The drive cannot be viewed elsewhere.
Option #2a: VeraCrypt whole-drive encryption
VeraCrypt, the heir-apparent to the long-favored TrueCrypt, is a high-quality encryption program that supports everything we need: encrypting the entire disk, like BitLocker, and requiring a password, also like BitLocker.
The difference is that it’s from a third party, works on any edition of Windows (include Home), and is compatible with other systems, including Mac and Linux.
Once you encrypt a drive, you “mount” it to access its contents, providing the password to do so.
There is no “recovery key” for VeraCrypt encrypted drives, so make sure your data is backed up and that you never lose the password you used to encrypt the drive.
When you encrypt a drive, the entire drive is encrypted, and you need the password to access any files (or folders) anywhere on that drive.
Option #2b: VeraCrypt volume encryption
A hybrid approach avoids encrypting the entire drive, but instead creates a single (large-ish) file, which is then encrypted and used as a container for your files.
Rather then mounting the drive, you mount that encrypted container, specifying the password, at which point its contents become visible as if it were a separate drive. You can choose to place unencrypted data in the drive directly (accessed as E: in the diagram above), or deal with data that’s encrypted in the mounted file container (accessed in drive F: in the diagram above).
As long as the container is mounted and password provided, its contents are available as on any drive. Once unmounted, the files are no longer visible.
VeraCrypt encrypted containers have the advantage that the container itself can be copied to other drives or devices — even using other operating systems — and mounted there for access, when the password is supplied.
I tend to use BitLocker for drives that are permanently mounted in the computer, such as the system drive. Of course, if you have Windows Home Edition, that’s not an option, in which case VeraCrypt would be my choice.
If I want encryption on an external drive, I use VeraCrypt — either whole-drive or container — because this gives me the flexibility of using that drive or container in any of my systems, whether Windows, Mac, or Linux.
Related Links & Comments: How Should I Password Protect an External Drive?
A high percentage of the questions I’ve received over the years have related to account loss due to hacks or other compromises. Enabling Google Two-Factor Authentication
Backing up the files you care about on a regular basis is a common (if incomplete) approach to backing up. While I much prefer an Enable File History in Windows 10
A feature exclusively available to Ask Leo! Patrons Bronze level & above.
- Tip of the Day: Run a Program Minimized from the Command Prompt
- Tip of the Day: System Information in a Keystroke
- Tip of the Day: Add Another Language
- Tip of the Day: Change a Folder’s Icon
- Tip of the Day: Get Rid of the Edge Tab Icon in IE
- Tip of the Day: Let Your Browser Be Forgetful
More Ask Leo!
Leo’s Other Projects….HeroicStories Since 1999, HeroicStories brings diverse, international voices to the world ‘ reminding us that people are good, that individuals and individual action matter. Stories – new and old – are published twice a week.
Not All News Is Bad – Each day I look for one story in the current news of the day with a positive bent. Just one. And I share it.
leo.notenboom.org – My personal blog. Part writing exercise, part ranting platform, it’s where I write about anything and everything and nothing at all.
Help Ask Leo! Just forward this message, in its entirety
(but without your unsubscribe link below) to your friends. Or, just point them
for their own FREE subscription!
Newsletter contents Copyright © 2017,
Leo A. Notenboom & Puget Sound Software, LLC.
Ask Leo! is a registered trademark ® of Puget Sound Software,