Protect personal and professional information Security has become as essential as having good antivirus software or keeping your system updated. Work documents, photos, copies of official documents, passwords stored in plain text—all of that usually ends up on your PC's hard drive, a USB drive that's always in your backpack, or some cloud storage service. If someone gets hold of that device or accesses your account without permission or encryption, it's like leaving your front door wide open.
VeraCrypt It has established itself as the natural successor to TrueCrypt To robustly encrypt data on Windows, Linux, and macOS. It allows you to create encrypted containers, protect USB drives and external hard drives, and even encrypt the entire disk where the operating system is installed with authentication before Windows boots. Throughout this guide, you'll see in detail what it offers, how it works, and how you can use it to secure your files without needing to be a security expert.
From TrueCrypt to VeraCrypt: why the encryption landscape changed
TrueCrypt was the de facto standard for years It was used to encrypt disks and folders, until its developers abruptly abandoned the project in 2014. On its official website, they recommended discontinuing its use, warned of potential security vulnerabilities, and suggested switching to BitLocker or other encryption systems integrated into Linux and macOS. The last version, 7.2, was limited to decrypting existing volumes, with no option to create new containers.
Faced with that void, An independent group of developers launched VeraCrypt as a fork of the TrueCrypt code. From there, they have been correcting vulnerabilities, strengthening cryptographic parameters, and incorporating new encryption algorithms and advanced security features. For many, TrueCrypt's retirement resonated so strongly because it was one of the few tools that seriously complicated the work of agencies like the NSA or the FBI when accessing seized disks.
Today, the general recommendation is to leave TrueCrypt in the past and use VeraCrypt exclusivelyNot only has it addressed legacy problems, but it has also improved performance with support for AES-NI acceleration, added more flexible encryption options, and remains active with frequent releases and external security audits.
What is VeraCrypt and how does it differ from other solutions?
VeraCrypt is a on-the-fly (OTFE) disk encryption softwareIt's a free and open-source tool that encrypts data in real time, transparently to the user. You can create a container file that mounts like any other drive, encrypt a specific partition (D:, E:, F:, etc.), or encrypt the entire system disk with pre-boot authentication in Windows.
It is Available for Windows, Linux, macOS, and some BSD systemsThis makes it especially attractive for mixed environments or for users who switch platforms. On macOS and Linux, it doesn't encrypt the system partition, but it does encrypt containers and secondary disks or partitions, much like it does on Windows.
One of the great advantages of VeraCrypt is the transparency of its codeBeing open source, it has been audited by independent organizations and experts. Entities such as QuarksLab and the German BSI have reviewed its security, vulnerabilities have been patched, and default cryptographic parameters have been strengthened. Furthermore, it implements industry-standard algorithms such as AES, Serpent, Twofish, Camellia, and Kuznyechik, in XTS mode and with PBKDF2 key derivation using hundreds of thousands of iterations to hinder brute-force attacks.
Compared to BitLocker or other proprietary solutions, VeraCrypt offers more granular control over how and what is encrypted, allows hidden volumes with "plausible denial," and works across multiple operating systems.In return, it lacks a centralized management console and direct integration with Active Directory or TPM; for hardware authentication solutions, see [link to relevant documentation]. Windows Hello for BusinessTherefore, in large companies it often coexists with more "automated" corporate tools.
Main features and functions of VeraCrypt
VeraCrypt is designed for both home users and professional environments that need robust encryption. These are its key features, grouped together so you can see exactly what it can do for you.
- Creating encrypted containers. The most versatile option is to create a file that acts as an "encrypted virtual disk." This file can reside on your internal hard drive, a USB flash drive, an external hard drive, or even a file server or cloud storage service.
- Encrypting disks and entire partitionsIf you don't want to use container files, you can encrypt an entire partition or disk. This is ideal for USB flash drives, SD cards, external hard drives, or additional PC drives.
- System drive encryption with pre-boot authentication. One of its key features is the ability to encrypt the entire disk where Windows is installed. When you turn on the computer, a small VeraCrypt boot manager appears, prompting you for the password (and optionally the PIM or key file).
- Real-time encryption and hardware acceleration. Encryption and decryption are performed automatically, on the fly. The user simply sees another drive. If you choose AES and your processor supports AES-NI, read and write performance is very high, to the point that in many cases the limitation is imposed by the drive itself, not the encryption.
- Hidden volumes for plausible deniabilityVeraCrypt allows you to create a "hidden" volume within another volume. One password mounts the external (normal) volume, and a different password mounts the hidden volume.
Download, installation and usage modes (installed or portable)
The most sensible thing is Always download VeraCrypt from its official website.There you'll find installers for Windows, macOS, Linux, FreeBSD, and the source code. There's no paid version: it's completely free and you can use it without restrictions.
In Windows, the installer offers two possibilities:
- Install the program on the system.
- Extract the files to use it in "portable" mode.
If your goal is to encrypt the system disk or the partition where Windows is installed, installation is mandatory. For encrypting USB drives, external hard drives, or other removable media, portable mode is very useful because you can copy the executable to the device itself on an unencrypted partition and use it on other computers without installing anything.
El installation wizard It's typical of any program: you choose your language, accept the license, select whether you want shortcuts on the desktop or in the Start menu, and that's it. At the end, VeraCrypt usually offers a beginner's guide that's worth reading if it's your first time using this type of software.
On Linux and macOS, installation is done using specific packages. or by compiling from source code, depending on the distribution. In any case, the interface and basic steps for creating volumes are very similar to those in Windows, making it easy to move between platforms.
Encrypting a "normal" container step by step
For many users, their first contact with VeraCrypt will be creating an encrypted file containerThe general flow, similar in all systems, is this:
1. Create volumeFrom the VeraCrypt main window, click on “Create Volume.” The wizard will ask what you want to do; select “Create an encrypted file container.” Then choose “Common VeraCrypt Volume” (the standard one) and not the hidden volume, which we will discuss later.
2. Choose the location and name of the container fileUse the "Select file" button to specify the path and name. You don't have to choose an existing file; just type the name you want for the new container (for example, "work_data.hc"). You can save this file to your local drive, a USB drive, a NAS, or even a folder synchronized with the cloud.
3. Select encryption and hashing algorithmsBy default, VeraCrypt uses AES as the symmetric algorithm and either SHA-512 or SHA-256 as the hash function. AES is the current standard, and if your CPU supports AES-NI, it offers excellent performance. Using the "Benchmark" option, you can test different combinations to see which performs best on your system, although for most situations, AES + SHA-256 is more than sufficient.
4. Define the volume sizeSpecify the size of the container in megabytes or gigabytes. Consider how you will use it: for a few documents, hundreds of MB are enough, but if you want to store complete backups, you might need several GB or even more.
5. Configure authentication: password, key file, and PIMAt a minimum, you should create a strong password, mixing uppercase and lowercase letters, numbers, and symbols, with a reasonable length. VeraCrypt will warn you if it detects that your password is too weak. Additionally, you can use key files (any file that acts as part of the secret) and a numerical value called a PIM (Personal Iterations Multiplier) that makes it harder to guess the password. Combining these three factors provides a very high level of protection.
6. Choose the file system and create the volumeFor containers on external drives, exFAT is usually a good idea; for internal drives, NTFS; and for basic use, FAT is fine if there won't be any files larger than 4 GB. Before clicking "Format," the wizard will ask you to move your mouse randomly within the window until a bar turns green: these movements are used as a source of entropy to generate more unpredictable keys. Once the formatting is complete, the volume is ready.
7. Assemble and disassemble the containerBack in the main window, select a free drive letter, click "Select File," point to the container, and click "Mount." Enter the password (and, if applicable, the key file and PIM), and a new drive will appear in "This PC." Anything you copy or modify there will be automatically encrypted. To close it, simply "Unmount" the drive or use "Unmount All."
Hidden volumes: how plausible deniability works
La hidden volume function It's one of the most talked-about features of VeraCrypt. Its purpose is to allow you to reveal a "harmless" password under duress, while keeping truly sensitive data safe in a volume whose existence cannot be proven.
The basic scheme is as follows:
- First, an "external" volume (the normal one) is created, with its own password and size.
- Within the free space of that volume is housed a second hidden volume, with another key, other encryption algorithms if you want, and a smaller size.
- When mounting the container file, VeraCrypt decides which volume to open based on the password entered.
To create a hidden volume, the following is used again: creation assistantThis time, choose the "Hidden VeraCrypt Volume" option. You are first guided through the configuration of the external volume (encryption, hash, size, password, file system) and then the hidden volume is defined: how much space it will occupy, what encryption it will have, and what password it will use.
It's crucial respect the space reserved for the hidden volumeIf, for example, the external volume is 50 MB and the hidden volume is 25 MB, you shouldn't fill the external volume to the point where it could overflow into the area where the hidden volume resides. VeraCrypt includes a hidden volume protection mode to reduce risks, but it's still wise to proceed with caution and leave some space.
Encrypt USB drives, SD cards, and entire external hard drives
USB flash drives and portable hard drives are among the easiest things to lose or end up in the wrong hands.Therefore, they are clear candidates for encryption. Furthermore, you can combine encryption with USB data blockers For greater protection. With VeraCrypt you can fully protect them or keep the existing data, depending on your needs.
1. Select the appropriate option in the wizardWith the device connected, tap "Create Volume" and choose "Encrypt partition/secondary drive." Decide whether you want a regular volume or a hidden volume, just as before. Then, when you tap "Select device," choose the specific partition on the USB drive or external hard drive.
2. Create a volume by formatting or preserving dataVeraCrypt offers two options: creating a new encrypted volume by formatting the drive (fast, but erases everything) or encrypting the partition while preserving the data (slower, but you don't lose anything). In many cases, the most convenient approach is to back up your data, format with VeraCrypt, and then restore your files.
3. Configure encryption, hashing, and authenticationJust like with containers, you choose the encryption and hash algorithm, define whether you'll use only a password or also a key file and PIM, move the mouse to generate entropy, and click "Format." The program will warn you that the data on the drive will be lost if you've chosen to create a volume from scratch.
4. Mount and use the encrypted deviceOnce the process is complete, the operating system will see the drive as "unformatted" or prompt you to format it. Ignore these messages. To use it, in VeraCrypt, click "Select Device," choose the encrypted partition, assign a free drive letter, and mount it by entering the password. From that moment on, a new drive (for example, F:) will appear where you can read and write data, which is encrypted transparently.
When you're finished, always unmount the drive from VeraCrypt. Before disconnecting the USB or shutting down the computer, just like with "Safely Remove Hardware." This prevents data corruption and ensures the volume is properly closed.
Encrypt your entire Windows drive with VeraCrypt
The maximum level of protection that VeraCrypt offers on Windows is encrypt the partition or entire disk where the system is installedThis way, if the laptop is stolen or someone takes the hard drive, they won't be able to boot Windows or read a single file without the key.
Before you launch, you need to have certain things in mind. PrecautionsMake a full backup of important data (on another drive, in the cloud, etc.). See our Comparison of backup methodsMake sure the computer won't lose power during the process (plugged in or connected to a UPS) and, above all, choose a password you won't forget. If you lose your boot password, accessing the system becomes extremely difficult.
The system encryption wizard follows roughly these steps:
- From “Create Volume” you choose “Encrypt the entire system partition/drive”.
- You select “Normal” as the encryption type (the “Hidden” mode creates a system within another for very specific scenarios).
- You decide whether to encrypt only the Windows partition or the entire physical disk.
- You indicate whether you have a single operating system (“Single boot”) or multiboot.
- You keep the default encryption (AES) and hash (SHA-256 or SHA-512) values unless you know exactly why to change them.
Then comes the moment to set the boot passwordIt should be memorable for you, but complex: a mix of characters, without obvious patterns, and of a certain length. The wizard may display a warning if it deems it unreliable, but you assume the risk. VeraCrypt then generates the internal keys by asking you to move your mouse around for a while.
A key part of the process is the ccreation of the rescue diskThe program generates an ISO image that you should burn to a USB drive or other secure storage device. This disc allows you to restore the VeraCrypt boot manager and recover the system in case of certain failures, although you will always need the password. You can choose to skip the rescue disc verification, but it is not recommended.
Before actually encrypting the disk, VeraCrypt performs a "boot test"The computer restarts, the VeraCrypt prompt appears asking for the decryption key, and if all goes well, Windows boots as usual. Back at the desktop, the program will indicate that the test was successful, and you can now begin the actual encryption of the system drive.
Why it's worth encrypting your files and devices
Beyond the technical aspects, The important thing is to understand the scenarios in which encrypting data makes a differenceIt's not about paranoia, but about reducing very realistic risks in everyday life.
Storing files in the cloud without encryption adds an extra attack surfaceAlthough major providers implement their own security measures, it's still useful to know how. managing metadata in Office and WindowsVulnerabilities can arise, including unauthorized access by privileged employees, configuration errors, or simple user oversights. If you upload files to the cloud that were previously encrypted with VeraCrypt (containers or backups), even a massive data breach can render your data unreadable without the key.
On shared computers, both at home and in the office, encryption prevents prying eyes.If several people use the same computer or if other colleagues at work have physical access to the equipment, an encrypted container is a very clear boundary: without the password, the content cannot be accessed, no matter how much trust there is.
Against malware and unauthorized remote accessEncrypting data adds an extra layer of security. A Trojan that manages to infiltrate your system can easily steal plaintext files, but if all it finds are closed, encrypted volumes, the information it obtains is useless. Obviously, this doesn't replace a good antivirus program or an updated operating system (see [link to relevant documentation]). online security in Windows), but it adds protection.
If any of your accounts are compromised (For example, the cloud service where you store a container, or the email where you sent an encrypted file), the attacker will only see a seemingly random block of data. This highlights the difference between sending a sensitive PDF as is and sending it within an encrypted ZIP or a VeraCrypt volume.
In the business and professional world, many laws require certain data to be encrypted.Data protection regulations, anti-money laundering laws, and professional secrecy laws for lawyers and healthcare entities require the encryption of sensitive information or, at the very least, explicitly recommend encryption as an appropriate security measure. Tools like VeraCrypt help meet these requirements, provided they are accompanied by sound key management and appropriate internal policies.
Real advantages and disadvantages of encrypting with VeraCrypt
Any serious encryption system It has clear benefits, but also some drawbacks. which is good to know so as not to get any surprises.
Its advantages include zero cost, transparency, and flexibilityVeraCrypt is free, open-source, runs on various operating systems, and offers different levels of protection (containers, secondary disks, full system, hidden volumes, etc.). It also supports a wide range of internationally validated cryptographic algorithms and has undergone independent audits.
The level of security it offers is very high, provided the password and key management are correct.The use of PBKDF2 with many iterations, combined with the ability to use key files and PIMs, makes brute-force attacks extremely costly. Adding good practices (unique passwords, password managers like KeePassXC or Bitwarden, and copies of the volume header) results in a very resilient system.
On the downside, the main disadvantage is that losing the key usually equates to losing the data.VeraCrypt doesn't have a magic recovery system or backdoors: if you forget the password and have no backups or header backup, the encryption does exactly what it's supposed to do, which is to prevent access even to the distracted legitimate owner.
Another drawback is the impact on performance on older hardware or hardware without AES-NIOn modern systems with processors that accelerate AES via hardware, the performance drop is minimal and often imperceptible. However, on older machines or if you use very heavy cascading algorithms, disk access can become slower, especially with very large volumes.
There are also limitations in terms of compatibility and ease of useSystem encryption is only available on Windows, doesn't integrate with TPM or enterprise-grade remote management solutions, and the interface can seem intimidating to users unfamiliar with concepts like volumes, partitions, or encryption algorithms. It's a powerful tool, but it's not a simplified "next, next, finish" wizard.
Finally, encryption always carries some additional risk of corruption.If an encrypted file is damaged, recovery is more complicated than with a plain text file. This underscores the importance of making regular backups and properly unmounting volumes before shutting down or disconnecting devices.
If you weigh the effort of learning to use VeraCrypt against the small performance cost Compared to what you gain in privacy, regulatory compliance, and protection against loss, theft, or attacks, it becomes quite clear why this tool has become the benchmark for encrypting data seriously in both home and business environments, provided it is accompanied by well-managed passwords and a minimum of discipline when handling encrypted volumes.
