September 27, 2020 | computer | No Comments
If you purchased your computer in the past few years, it probably has a solid-state drive. SSDs are faster than older, mechanical hard drives and use flash memory instead of magnetic platters. But the downside of the technology is that securely deleting files from an SSD is very hard. SSDs use a technique called wear leveling to prolong life, but a side effect of this process is that data can remain on a drive even after you’ve erased it. Instead of using special software to erase an SSD’s contents, you’re better off encrypting the drive, which employs a mathematical process to muddle up the data using a passkey that only you have. Without the key, files on the drive look like gibberish—even if someone succeeds in recovering files, that person still won’t be able to open them.
The good news: Encrypting your storage drive is simple. This is something we recommend doing for every computer with an SSD, even if you’re not selling it. You can also encrypt mechanical hard drives for the same reason, but the process takes a particularly long time, and it’s easier to do a good-enough job of removing data on mechanical drives.
Chromebooks usually use solid-state storage, but Google enables encryption by default, so if you’re resetting a Chromebook, you can skip this section.
If you have a Windows computer, encrypting your storage drive can be a little tricky and depends on which version of Windows your computer has and what components you have installed.
Some Windows laptops have device encryption enabled by default. To check:
- Click the Start menu and then select Windows Administrative Tools > System Information (or type “system information” into the search menu in the taskbar).
- Look for Device Encryption Support; if you find it, and it says “Meets prerequisites,” it’s enabled on your computer already.
If that’s not an option, look for the built-in encryption tool, BitLocker, which is available in Windows 10 Pro, Education, and Enterprise:
- Open Control Panel.
- Click System and Security.
- Click Manage BitLocker.
- Click Turn on BitLocker.
BitLocker can also encrypt external drives, including SD cards and flash drives, which is a more secure way to delete files on such drives before formatting.
If BitLocker isn’t an option, you’ll need to turn to third-party software. We like VeraCrypt, but keep in mind that its encryption process is more complicated than BitLocker’s. Some SSD manufacturers may also provide software for securely erasing their SSDs, though we haven’t tested any of those utilities.
Macs have had the same free encryption tool—called FileVault 2—since 2011, and the process is the same in every version of macOS:
- Open System Preferences.
- Click Security & Privacy.
- Select the FireVault tab.
- Click Turn on FileVault.
- In OS X Yosemite and later, you’re prompted to use either your iCloud password or a recovery key (since you’re wiping the drive, either choice is fine).