Should I encrypt or just hide my drive on computer?

Lora M May 4, 2014

I searched the Internet and many people said that entire drive encryption is risky. I want to protect all files on my drive from being accessed by other people, so which method should I choose, drive encryption or hiding drive?

  1. Oron J
    May 5, 2014 at 11:55 am

    As Bruce says, it really depends on what you want to protect and why. There is an additional risk in encrypting your drive, and that is that data recovery will no longer work on the drive (at least not if you are accessing it from another system, which is what you would do if there was a system or hardward failure).
    Hiding is imperfect. It essentially relies on people not knowing that it is there. It may be better to hide a folder (it won't be obvious it's there), or if your drive contains data-only, you could add it to your computer as a path on an existing drive (e.g. C:hidden) rather than as a drive letter (E: or whatever). This option is avialable in the Windows Disk Management console. Even so, it does not prevent anyone from accessing your data, so it's only good for things you would prefer other people not to see, rather than for critically condifential material.

    • Bruce E
      May 5, 2014 at 4:41 pm

      The additional risk regarding data recovery can be minimized if backups are being performed as they should. Although if the data is important enough to encrypt the entire drive, the backups should be encrypted as well.

  2. dragonmouth
    May 4, 2014 at 8:09 pm

    If it is a data drive, you can make it physically removable through the use of a removable caddy. Then you can hide it in a desk drawer, under lock and key, or at a location away from the PC.

  3. Bruce E
    May 4, 2014 at 2:56 pm

    It all depends on what you want to protect and why.

    The risky part of whole disk encryption comes from things: forgetting the key, interrupting the initial encryption of the drive or interrupting the decryption of the entire drive if you decide you no longer want/need it. Barring any of those events, there is little risk with whole disk encryption.

    The problems with hiding a drive is that I have yet to see a method that truly hides the drive. Many simply make it so the icons don't appear in My Computer or Windows Explorer, but a user can easily find out if another drive exists and still access it via Run, the command prompt or the address bar within Windows Explorer or a web browser. Removing the drive letter via Disk Management can make programs that use drive letters fail to function. Using Group Policies to hide drives only removes the icons, but users can still access the drives by using the Run... dialog, the command prompt, typing the location in the Windows Explorer or a web browser's address bar, etc. Using Group Policies to restrict access to drives only applies to the Run... command, Windows Explorer, and possibly the command prompt (I haven't tested that one). Other programs can still access those drives. With both of the group policy options, users can still use Disk Management to see what drives are out there on the machine and possibly change parameters.

    If you are primarily concerned with access to your own data files, you could simply use a TrueCrypt container for all of your sensitive documents.