Protect your private laptop data with TrueCrypt

When news about a stolen or lost laptop containing confidential information hits the headlines, who doesn't wonder how the owners could so stupid as to not use data encryption? Ask yourself one question, though – is your laptop encrypted? You may not be carrying around army personal records or confidential financial reports, but there's almost certainly enough personal information stored on your laptop for a knowledgeable thief to use to make your life a misery.

Encrypt your hard drive, on the other hand, and no one has access to your data but you and the good news is that any laptop can be encrypted for nothing using free software called TrueCrypt.

Encryption isn't guaranteed to protect your data against all-comers, but it will keep it safe from all but the most determined nosey parkers – and by that we mean people with access to considerable computing power and the ability to use it.

To get started, download and install TrueCrypt. Use the ‘Install' option and leave all the other options at their defaults. We're using the Windows version, but the steps are much the same for both Mac OS X and Linux.

Step 1
Start TrueCrypt and you'll see the standard window for working with encrypted drives, showing a list of drive letters that you can assign to an encrypted disk. Since we haven't encrypted anything yet, click the Create Volume button to get started.

Step 2
TrueCrypt can encrypt an entire hard disk or a hard disk partition, or it can create a virtual encrypted hard disk that's stored as a file. This latter option is the safest, particularly for novices, since there's no risk of damaging your Windows installation or other documents if something goes wrong. So, select Create a file container and click Next.

Step 3
TrueCrypt offers two types of encrypted ‘volume' -- an encrypted disk, virtual or otherwise. Standard encryption offers one level encryption that you need a password to access. It's trivial for someone to see if a laptop uses standard encryption and it's not hard to imagine a circumstance where a laptop owner could be forced to reveal the password.

Hidden encryption creates a second encrypted, but hidden, volume inside a standard volume. The idea is that while you may be forced to reveal a password for an obvious standard volume that can contain some red herring files, no one but you knows that it contains a second volume where the real confidential data is stored. For most people, Standard encryption is more than sufficient and much simpler to manage, so select this option and click Next.

Step 4
Since we're creating a virtual encrypted volume as a file, we now have to select where this file is stored. The My Documents folder is the most sensible place, but you can click the Select File button and choose any location.

It's important to type a unique name for the volume – don't select an existing file unless you're happy for it to be erased. If you want to encrypt some existing files, just create a new, empty encrypted volume and move the files into it later.

Step 5
TrueCrypt offers a variety of encryption algorithms with increasing levels of security. The default AES algorithm should be sufficient for anyone who isn't involved in international espionage and besides, the stronger algorithms take more time to encrypt and decrypt files. You can click the Benchmark button if you want a quick idea of how fast each algorithm is – AES is around five times faster than the slowest Serpent-Twofish algorithm.

Step 6
Next, choose how big you want your encrypted volume to be. You obviously need enough space to hold all the files you want to encrypt, but the volume can't be bigger than the disk it's stored on.

Step 7
All encrypted volumes need a password and the longer and more random this is, the better. There is no way to recover this password if you forget it, so you'll obviously need to make it memorable. Try using letters, numbers and punctuation, but nothing longer than 64 characters. If you enter too-easy a password, TrueCrypt will warn you about it when you click Next.

Step 8
You can change the file system used by the encrypted volume, and opt for a dynamic volume that expands to accommodate the data it contains. You'll need to use the NTFS file system if you plan to encrypt files over 2Gb (regardless of the file system on the disk where the volume is stored), but stick with FAT otherwise. A dynamic disk will slow encryption down, so is best avoided.

Move the mouse pointer around in the TrueCrypt window to help randomise the data used for the encryption and click Format when you're ready to create the volume. How long this takes depends on the size of the volume and the encryption algorithm, but it should take no more than a few seconds for volumes of less than a few hundred megabytes. Click Next when the encrypted volume has been created, then the Exit button.

Step 9
You'll now be returned to the main TrueCrypt window, but there's nothing here to suggest that you've created an encrypted volume. You now need to open the encrypted file created in step 4, so click the Select File button and browse to its location.

Step 10
Select a drive letter from the list that you want to use for your newly-encrypted volume and click the Mount button.

Step 11
You'll be prompted for a password – type the one you created in step 7 and click OK. The encrypted volume will then be mounted using the selected drive letter and will appear in the list of mounted volumes.

Step 12
You can right-click this volume in the list and choose Open, or open it from My Computer. To encrypt files, simply move (not copy, unless you want to keep a non-encrypted version) them into this folder.

Step 13
Once it's been mounted, you can access your encrypted volume even if you exit TrueCrypt. Once you've finished working with your encrypted files though, you need to dismount the volume to make it inaccessible. Either select the volume in the list and click the Dismount button, or just click Dismount All to dismount all mounted volumes.

These steps are enough to get you started with TrueCrypt and the encryption provided should be more than sufficient for most people. If you are particularly paranoid though, or regularly carry around highly sensitive information that must not fall into the wrong hands under any circumstances, you'll need to take a few extra precautions (including creating a hidden volume and/or running TrueCrypt from a USB flash drive), and we'll cover those in our next encryption instalment.