
Security Tools: Encryption and Security Certificates

First in a series on security tools, this guide discusses encryption, security certificates, and Public Key Infrastructure

Securing Your Devices

Use Encryption To Protect Your Data

Any of your digital devices, whether desktop or notebook computer, mobile phone, or tablet, may fall into the wrong hands. A burglar may steal it from your home or a hotel room. You might inadvertently leave your phone in a taxi, airport gate seat, or restroom. Your college roommate may be using it without your knowledge. Your device has the equivalent of your wallet's or handbag's contents plus hundreds of file cabinet drawers of information on it. Use encryption to protect yourself from someone accessing that data and using it to harm you.

All popular, current device operating systems provide for encrypting the data on your device. All require some code, e.g. PIN, password, or security key, or biometric method for you to access the data once it has been encrypted. Therefore, it is imperative that you ensure you will have access to that code when the device itself is not available. Consider storing multiple copies of the code, for example in a flash drive kept separately from the device and in a cloud file in a well-regarded cloud service.

Microsoft Windows

Windows 10 devices may offer two versions of encryption: Device Encryption and BitLocker Encryption. For details and instructions to activate the feature, review Microsoft's document. Generally, Device Encryption is not available on the Home edition of Windows 10, but BitLocker drive encryption may be. BitLocker encryption requires a 48-character recovery key if the computer drive has been compromised, e.g., you protect drive access with a password and you do not correctly enter it, or if the drive has been removed from the machine. Yes, if someone gets hold of your computer and finds that it will not run without a password, they can remove the drive, attach it to another computer, and try to read it. Encryption will prevent them from doing this.
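A stored copy of the recovery key only helps if it was written down correctly. The following is an added example, not part of the original guide or Microsoft's tooling: a Python check that catches transcription errors in saved copies, assuming Microsoft's documented format of 48 digits in 8 groups of 6, each group divisible by 11. The sample key and the copy labels are constructed for illustration.

```python
import re


def bad_groups(key_text):
    """Return the 1-based positions of groups that fail the format check."""
    digits = re.sub(r"[\s-]", "", key_text)  # ignore hyphens and spaces
    if not re.fullmatch(r"[0-9]{48}", digits):
        raise ValueError("expected 48 digits (8 groups of 6)")
    bad = []
    for pos in range(8):
        value = int(digits[pos * 6:(pos + 1) * 6])
        # Each group is a 16-bit value multiplied by 11, so a valid group
        # is divisible by 11 and its quotient fits in 16 bits.
        if value % 11 != 0 or value // 11 > 0xFFFF:
            bad.append(pos + 1)
    return bad


def audit_copies(copies):
    """Map each copy's label to 'ok', 'unreadable', or the groups to re-check."""
    report = {}
    for label, text in copies.items():
        try:
            bad = bad_groups(text)
        except ValueError:
            report[label] = "unreadable"
            continue
        if bad:
            report[label] = "check group(s) " + ", ".join(map(str, bad))
        else:
            report[label] = "ok"
    return report


# Constructed sample key (not a real recovery key) and three stored copies.
SAMPLE = "135795-597531-011000-720885-244442-345565-299002-444444"
COPIES = {
    "flash drive": SAMPLE,
    "paper note": SAMPLE.replace("597531", "579531"),  # two digits swapped
    "cloud file": SAMPLE[:-7],                         # last group missing
}

if __name__ == "__main__":
    # Print only the status of each copy, never the key itself.
    for label, status in audit_copies(COPIES).items():
        print(f"{label}: {status}")
```

A copy that passes is only well-formed; the check cannot tell whether the key belongs to a particular drive.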

Apple macOS

Macs use FileVault 2 whole disk encryption to protect your data. Ordinarily your machine password is needed to access the data on the hard drive. You can optionally set a recovery key so you or others can view your data, should the password be lost. Depending on the OS version, you can store the recovery key in your iCloud account, as explained in Apple's instructions.

iOS and iPadOS

To encrypt and fully protect your data on an iPhone or iPad, follow these steps:

  1. Set a passcode by going to Settings > Touch ID & Passcode or Face ID & Passcode.
    1. Tap "Turn Passcode On." You'll be prompted to enter a passcode, and you should use at least six digits.
  2. Once you've set the passcode, turn on "Erase Data."

Once you've done that, ten failed attempts to enter the passcode will erase all the data, preventing someone from accessing it by repeated guesses of your passcode. If you have forgotten the passcode, follow Apple's instructions.


Android

Android versions and different devices may require different paths through the settings to enable a passcode and encryption; typically you would select Settings > Security. For more detailed instructions, review this guide from After you set a passcode and turn on encryption, be sure to turn on the erase data option.