Security Windows

4 Syskey Encryption Alternatives for Windows 10

Gavin Phillips 29-09-2017

Windows encryption tool Syskey is being removed in the upcoming Windows 10 Fall Creators Update. The utility encrypts password information stored in system databases that are in turn stored in the Windows registry.


Its original purpose was to prevent unauthorized, offline password cracking attempts. However, scammers realized they could use the integrated utility to lock users out of their systems, forcing them to pay a ransom (pre-ransomware, but still in use in telephone scams — there are thousands of YouTube videos). In other environments, Syskey provides pre-boot authentication, where the user is challenged for a password before the operating system boots.

Microsoft is recommending BitLocker as a Syskey replacement. But what are your options? Let’s take a look.

1. BitLocker

If you have Windows 10 Pro, Enterprise, or Education, you have BitLocker installed. Unfortunately, Windows 10 Home doesn’t offer BitLocker as a standard feature.

bitlocker password screen

I’ll say at this point: unless you’re considering upgrading to Windows 10 Pro Windows 10 Home vs. Pro: Do You Need to Upgrade? Windows 10 Pro offers more features than Home, but the upgrade also carries a $99 price tag. Let's see whether it's worth it. Read More (or have access to an Enterprise or Education edition), there are other, free Syskey alternatives that I’m going to list below. But if you’re already using Windows 10 Pro, BitLocker is worth considering.


BitLocker offers full disk encryption using either AES 128-bit or AES 256-bit. Both encryption strengths use a Diffuser algorithm to further protect against ciphertext manipulation attacks. An encrypted BitLocker drive is unlocked using either a hardware device (via Trusted Platform Module or TPM), a PIN, or a Startup key held on a separate removable media (such as a USB drive) — or a combination of all three.

You can find BitLocker options, including the BitLocker setup wizard by typing bitlocker in your Cortana search bar (press Windows key + S).

TPM Group Policy

When you attempt to Turn BitLocker on, you might meet the following message:

bitlocker incorrect group policy setting


This means we need to alter the Group Policy setting How to Access the Group Policy Editor, Even in Windows Home & Settings to Try Group Policy is a power tool that lets you access advanced system settings. We'll show you how to access it or set it up in Windows Home and 5+ powerful Group Policies to boot. Read More .

Type gpedit into your search bar and select the best match.

Head to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives. Then, select Require additional authentication at startup.

Next, select Enabled to allow policy editing. Then, under Options, select Allow BitLocker without a compatible TPM. Hit Apply, then OK.


bitlocker group policy

Then, when you head back, your attempt to turn BitLocker on will be successful. For more details on the process, read our guide to hard drive encryption with BitLocker on Windows 10.

2. VeraCrypt

There are several free alternatives to BitLocker. Perhaps the best known is VeraCrypt 5 Effective Tools to Encrypt Your Secret Files We need to pay closer attention than ever before towards encryption tools and anything designed to protect our privacy. With the right tools, keeping our data safe is easy. Read More , built from the ashes of depreciated encryption tool, TrueCrypt.

VeraCrypt offers a range of tools, including virtual encrypted disk creation and mounting, full drive or partition encryption, and pre-boot authentication (encrypted operating system partition).


veracrypt volume creation wizard encryption algorithm

Furthermore, VeraCrypt has advanced features, like hidden operating system encryption and other hidden volume tools.

VeraCrypt offers a wider range of encryption algorithms How Does Encryption Work, and Is It Really Safe? Read More to users, including AES, Twofish, Serpent, and Camellia. In addition, users can select one of two hashing algorithms, SHA-256 or RIPEMD-160.

The takeaway for many is clear: if you’re not upgrading to Windows 10 Pro for $99, VeraCrypt is the way to go. In fact, there are many VeraCrypt users that use Windows 10, regardless of BitLocker, due to its expansive encryption options.

3. DiskCryptor

DiskCryptor is another open source full disk encryption tool. It was originally developed as a replacement for the enterprise-grade (and commercial product) DriveCrypt Plus Pack, which also features pre-boot authentication, but comes with a hefty price-tag (€125, or $149, at the time of writing).

diskcryptor drive volume panel

DiskCryptor was initially started by a former TrueCrypt user, who goes by the handle “ntldr.” Versions 0.1 to 0.4 were fully compatible with TrueCrypt, using corresponding partition formatting, as well as encrypting with AES 256-bit. However, DiskCryptor 0.5 started a new partition format designed to encrypt drive volumes already containing data (TrueCrypt format originally only encrypted an empty or newly created drive volume).

DiskCryptor uses AES, Twofish, and Serpent encryption algorithms, all with 256-bit keys. In addition, DiskCryptor is particularly useful for those wishing to encrypt multi-boot systems, offering full compatibility third-party bootloaders such as GRUB and LILO (offering pre-boot authentication for each bootable partition).

4. Jetico BestCrypt Volume Encryption

From an excellent free option to one of the best paid encryption tools on the market. It can encrypt a wide-range of volume types, including RAID drives What Is RAID Storage & Can I Use It On My Home PC? [Technology Explained] RAID is an acronym for Redundant Array of Independent Disks, and it’s a core feature of server hardware that ensures data integrity. It’s also just a fancy word for two or more hard disks connected... Read More , and offers pre-boot authentication (with customizable text, no less).

In addition, BestCrypt supports TPM, as well as the option to boot encrypted volumes only from within a trusted network. The Volume Encryption tool uses four main encryption algorithms, all with 256-bit keys: AES, RC6, Serpent, and Twofish.

jetico bestcrypt encryption algorithm panel

Jetico BestCrypt Volume Encryption is a premium tier encryption tool. Encryption expert Bruce Schneier even recommends it “even though it is proprietary,” which speaks volumes about the tool. However, premium products carry a premium price tag. BestCrypt Volume Encryption will set you back $119.99.

Which Syskey Alternative Will You Choose?

These are four excellent alternatives to the soon-to-be-depreciated Syskey.

You might ask why there aren’t more options listed. Well, honestly, these are some of the best products on the market, for a few reasons.

For instance, BitLocker is integrated into the Windows 10 operating system. As such, it is free if you already have the correct license, and is extremely well supported (by both Microsoft and the wider technology community). If you have Windows 10, you have an extremely powerful full disk encryption tool at your fingertips.

Veracrypt and DiskCryptor are open source, completely open to third-party audit, and well maintained (read: actively worked on) by their respective teams. Again, they offer excellent, extremely powerful full disk encryption, entirely free.

Finally, Jetico BestCrypt may set you back a chunk of cash, but you are investing in your personal security.

There are other options available on the market. Tools such as Sophos SafeGuard Easy and Symantec Drive Encryption are also excellent, but they carry a higher price tag. However, those readers in small-to-medium-sized businesses might consider them for the additional support offered.

You don’t have to spend big. In fact, you don’t have to spend at all to guarantee an additional layer of personal security Don't Believe These 5 Myths About Encryption! Encryption sounds complex, but is far more straightforward than most think. Nonetheless, you might feel a little too in-the-dark to make use of encryption, so let's bust some encryption myths! Read More . However, it is important to note that systems using Syskey as an additional or imperative security layer will not upgrade to the Fall Creators Update.

Related topics: Computer Security, Encryption, Twofish, Windows 10.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Dleippe
    August 30, 2019 at 4:27 pm

    For file or folder encryption use the option built into 7zip.

  2. Darren Chaker
    October 4, 2017 at 3:03 am

    I've used and recommended Jetico for years. The Whole Disk Encryption option is an upgrade to Bitlocker, and the variety of military grade security algorithms provides stunning security. Best to all, Darren Chaker

  3. Mott Given
    October 1, 2017 at 11:51 pm

    What is the performance impact of using these encryption schemes? Will it cause some of my games to run very slowly or not at all? ALso, what is the impact on memory consumption?
    I frequently have many browser tabs open and get an error message that my memory is running low and that I need to close some of my tabs.

    • KwaK
      October 2, 2017 at 12:58 pm

      From what I'm to understand in the article, I think in the general use case it won't have any performance impact - what it does is encrypt the disk contents which are then decrypted during system start-up (after correct password has been input). Unless you use the advanced features such as hidden/locked system folders I don't think it should have any negative downsides. However, I might be wrong about this.