Learn how to truly erase your hard drive and encrypt your files from prying eyes.
We discussed the importance of backing up the data stored on your computer’s hard drive in a previous story. But what happens if your computer is lost or stolen? Notebooks are particularly vulnerable. A thoroughly executed back-up plan will alleviate data loss, but do you want strangers perusing the highly personal information you’ve stored on that machine? We didn’t think so; that’s why we put together this guide to keeping your electronic data secure.
First, we’ll take you through the process of encrypting the data on your hard drive, so that you can use passwords to control who can see it. And since no computer lasts forever, we’ll show you how to scrub your hard drive so that no one will ever be able to retrieve anything from it when you decide it’s time to put it out to pasture.
Hide in Plain Sight
One of the best ways to secure your private data is to encrypt it on your hard drive. Encryption uses an algorithm to scramble data in such a way that it can be read only by someone who possesses the special key that’s required to descramble it. You can use a free program (the authors do accept donations) called TrueCrypt to create a virtual encrypted disk in which you can stash sensitive information. Download the software here.
If you’re truly paranoid, you can create a hidden TrueCrypt volume that won’t be displayed in any directory.
Download, install, and launch TrueCrypt. TrueCrypt’s main window will display all of your computer’s unreserved drive letters. Click the button labeled “create volume” to launch the Volume Creation Wizard. For the sake of simplicity, we’ll choose the first option to create a virtual encrypted drive; you might think of this as an electronic safe in which you’re going to hide your sensitive files. Click the “next” button and choose the default value, Standard TrueCrypt Volume, in the next step.
Now we need to choose the physical location for our virtual disk and give it a name. Click the “select file” button and navigate to the disk, disk partition, folder, or network location you’ve chosen. You have the option of using an external drive, too. At this stage, it’s absolutely critical that you do not use a name that already exists in the directory you’ve selected; if you do, you’ll wind up overwriting that existing file. Click the “save” button when you’ve decided on a new name. Once you’ve created this new container, you’ll be able to copy or move it anywhere, just like any other file. But you won’t be able to open it without a password, which we’ll create later.
Click the “next” button to choose an encryption algorithm. We’ll stick with the default value of AES here (hey, the U.S. government considers it strong enough to encrypt data classified as top secret), so click the “next” button. Now we have to decide how large we want our secure container to be. We still haven’t actually encrypted anything at this point; encryption will happen on the fly when we move files into the container.
TrueCrypt will warn that your password is too weak if it contains less than 20 characters.
The software is now finally ready to create an encryption container for you. You have the option of creating a virtual disk using either the old FAT or the new NTFS file systems, and you can also designate the disk’s cluster size here. We’ll accept the default values; but before clicking on the “format” button, move your mouse pointer inside the box and wiggle it around randomly for five or 10 seconds. TrueCrypt will use the mouse movements to create the keys it will use to encrypt your data; the longer you make random mouse movements, the stronger the encryption key will be. Click the “format” button when you’re ready. When TrueCrypt displays a message that it has finished creating your new volume, click the “exit” button to close the wizard.
Using Your Encrypted Container
You’ll need to mount your encrypted container before you can store or access anything in it. The main TrueCrypt window should still be open at this point; if it’s not, launch it from the Start menu. Select a drive letter from the window and then click the “select file” button. Navigate to the volume you created in the previous steps, select it, and then click the “open” button. Finally, click the “mount” button and enter the password you created to secure the container. If you’re using a portable storage device, such as a USB hard drive, click the “mount options” button, place a checkmark next to the phrase “mount volume as removable media,” and click “OK.”
You’ll need to enter the password for the encrypted volume that you’ve created before you can access it.
You can exit the main TrueCrypt window at this point. Your encrypted drive will remain accessible. You can read, write, and copy files to and from the virtual drive and TrueCrypt will encrypt them on the fly. Note that as long as the volume is mounted, its contents will be available to anyone who has physical access to your PC. You should therefore dismount the drive as soon as you’ve finished working with it. The easiest way to do this is to right-click on the TrueCrypt icon in the taskbar and click Dismount. To remount the drive again, open the main TrueCrypt window and follow the steps above.
