This encrypts all of the data on your device to prevent other people from viewing your files. Why is encryption needed? It turns your data into seemingly-random nonsense, rather than actual information. This protects your files if your computer is lost or stolen, or if an unauthorised person tries to access your computer. The only way someone can decrypt your data and view your files is if they know the encryption key, i.e., the password. (Or if a major weakness is discovered in the encryption algorithm, but this is rare.)
Encryption on Microsoft Windows
For Windows 10 and 11, there’s “Device Encryption” on the Home version, and “BitLocker” on Professional (as well as on Enterprise and Education). What’s the difference? BitLocker provides more options, such as the ability to encrypt different drives or partitions, and multiple ways to decrypt them.
Device Encryption is automatically enabled when you log in with a Microsoft account (i.e., an email address), but not with a local account (i.e., a regular user name). But you can always enable it in Settings. BitLocker is almost always enabled automatically, but you should check this anyway.
By default, both Device Encryption and BitLocker behave by checking the storage drive is connected to your computer and that the boot mechanism hasn’t been altered, before they then decrypt the drive. This provides protection because it prevents your files from being viewed if the drive is connected to another computer, or if there’s an attempt to boot a different operating system on your computer where your login password isn’t needed.
However, the drive still gets decrypted if your computer is booted normally, at which point a bad actor could eventually gain access to your files. To ensure the drive is always encrypted, add a password that’s required to decrypt the drive at boot time. You’ll need BitLocker for this feature, so ensure your PC has Windows Professional.
Encryption on Apple Macs
Macs with Apple Silicon (the ‘M’ series of processors) automatically use a technology called “Data Protection.” This implements a hierarchy of encryption levels as well as creating a unique encryption key for each file. For other Macs, you’ll need to ensure that storage encryption is set up properly.
On Macs with a T2 security chip, the storage drive is automatically encrypted. However, similarly to Windows, by default the drive is automatically decrypted when it’s connected to your Mac and there are no detected changes to the boot mechanism. Therefore, you should use an included macOS utility called “FileVault” to ensure the drive is only decrypted when you enter your login password. This can also be used on non-T2 Macs to enable the same protection.
What about smartphones and tablets?
Unless you’re using a very old device, secure storage encryption should already be set up. Like Apple Silicon Macs, iPhone and iPad use the company’s Data Protection technology. Meanwhile, Google’s Android uses a protocol called “File-Based Encryption” to implement a similar system of access levels. This leaves only limited data, such as alarms and phone calls, unencrypted before a smartphone is unlocked using its passcode.
Encryption on Chromebooks
Although most of the files you deal with on ChromeOS are stored in the cloud, some are still kept locally, such as Chrome profiles, user credentials, and a small number of offline documents. Thankfully, ChromeOS automatically encrypts all user data on the device. This is achieved using a file system feature called “fscrypt” on devices released from around 2018-19 onwards, or a technology called “eCryptfs” on older devices. Decryption of your data only happens when you successfully log in via your Google account.