
 

For privacy, use VeraCrypt

Safe Vault
VeraCrypt is an open-source encryption program that can keep your critical information private and protected. It is quick and easy to use. It is audited and extremely secure. Here is how to set up your own encrypted volumes.

People sometimes have the need or just the desire to keep some of their information private. There is an easy way to do this. If you have some information like tax returns and accounting and your will that you'd like to keep private and secure, I suggest VeraCrypt.

VeraCrypt is free, open-source disk encryption software. It secures data on your computer. It supports full-disk encryption, partition encryption, and creating encrypted containers—virtual disks that act like secure files. I use the encrypted container option. It offers great encryption and security. It is regularly audited and widely supported and respected.

The procedure I use

I used the program to create a vault for my stuff. I don't have a lot that I wanted to keep private, but I wanted plenty of room. So, even though I had 225 MB of private files, I made a 1.5 GB vault. In other words, I made a vault about 6 times as big as I needed. That is excessive, but it means I can stick whatever I want in it and not worry about running out of space.

Once the vault is created, it looks just like any other big file. I can open it by entering my password. I use the same password I use for my password vault, so I didn't have to remember anything new. When I open it, it asks for my password; I enter it, and then it turns that big file into a virtual drive on my computer. I set it to use V for VeraCrypt. From that point on, everything is normal. I can use those files just like I'd use anything else. When I'm done using those files, I just unmount the virtual disk. Then the V drive disappears, and it becomes one big file that no one but me, my executor, and my brother can open. That file, though 1.5 GB, is still small enough to back up both to an external drive and the cloud.

The Procedure in Detail with Pictures

Creating an encrypted volume

Main VeraCrypt menu
  • Choose Create Volume
  • Then choose Create an encrypted file container and press Next
  • Choose Standard volume and press Next

Name the big volume file that will contain all your files. I stay simple with Veracrypt.hc for the name. I would rather not confuse myself, and I store it in documents so it automatically gets backed up.

Uncheck Never save history
There is a Never Save History option here and elsewhere. This means don't save what you've done. The idea is that if some miscreant steals your computer and runs VeraCrypt, they won't be able to see what the name of your volume is or where you put it. People who find this important might also use a name like Valerie.jpg to make a thief think it is a picture. I'm happy to let anyone try to break my encryption because I'm satisfied with my password strength. I'm more worried about me forgetting where I put the volume or what I named it. So, I want the history saved so VeraCrypt opens with my volume name and normal drive letter.

Encryption

  • Just accept default encryption options.
  • Choose a size 3 times or so larger than your current space.
  • Use a very strong password. As I said, I used the same one I use for my password manager.

Keyfiles and PIM

Creating your VeraCrypt password

A key file is an addition to your password and is used for the encryption process. It must always be there and remain exactly the same, or the vault will not open. I do not use keyfiles. They cause more problems than anything else, except forgetting your password. My password is enough.

To PIM or not to PIM
As shown in the picture, I've crossed out both keyfiles and PIM. PIM stands for Personal Iterations Modifier. If you are using the default encryption, then VeraCrypt will use 500,000 iterations. What that means is they take your password and mix it with the randomness they have and the randomness you will create by moving your mouse for 30 to 60 seconds in the next step. Then they run that through their SHA512 formula 500,000 times. By repeating the process 500,000 times, they make it harder to brute force your password. If your password could be broken in just 1 hour without those repetitions, then with 500,000 repetitions it would require 57 years to break.

If you decide to use a PIM, then that will replace the 500,000 that VeraCrypt uses. So, if 57 years wasn't enough for you, then you could use a PIM and change VeraCrypt's default to 657,450 so it would take 75 years to crack. The result is that you'll need to remember both your password and your PIM of 657,450 and enter both of them when you want to open your vault. Again, I believe that a good password is fine. I'm afraid I might forget my PIM. It is like an additional password.

Password Length

In the above example, where I discouraged both keyfiles and PIMs, I presented the example where it might take 57 years to brute force a password, and someone might create a 6-digit PIM and increase the number to 75 years. But if they simply added 1 character to their password, it would take 94 times as long to crack, or 5,358 years. Adding 2 characters would increase the cracking time to 503,652 years. This is because, if you use all four types of characters, there are 94 possible characters. This makes it 94 times as difficult to crack with each character added. I'm a believer in long passwords. Even if you use a smaller character set of just 70 characters, it is still much more effective to just add length to your password.
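The arithmetic from the PIM and Password Length sections, as an added Python example that is not part of the original article: it stretches a password with PBKDF2-HMAC-SHA512 (the standard-library form of repeated SHA-512 hashing over password and salt) and reproduces the article's cracking-time model. The passphrase, the salt and all function names are constructed for illustration, and the 1-hour baseline is the article's hypothetical.

```python
import hashlib
import os
import time

HOURS_PER_YEAR = 24 * 365.25  # 8,766


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Key stretching: PBKDF2 chains HMAC-SHA512 `iterations` times over
    the password and a random salt, so every guess costs that much work."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                               salt, iterations, dklen=64)


def crack_years(iterations: int, extra_chars: int = 0,
                charset: int = 94, base_hours: float = 1.0) -> float:
    """The article's model: a search taking base_hours at one hash per guess
    takes `iterations` times longer once stretched, and `charset` times
    longer again for each character added to the password."""
    return base_hours * iterations * charset ** extra_chars / HOURS_PER_YEAR


def seconds_per_guess(iterations: int) -> float:
    """Time a single derivation on this machine (one password guess)."""
    salt = os.urandom(64)  # constructed demo salt
    start = time.perf_counter()
    derive_key("constructed sample passphrase", salt, iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    pw = "constructed sample passphrase"
    same = derive_key(pw, os.urandom(64), 1_000) == derive_key(pw, os.urandom(64), 1_000)
    print("same password, two salts, identical keys:", same)
    print(f"one guess at 500,000 iterations: {seconds_per_guess(500_000):.2f} s")
    # The article rounds 57.04 years to 57 before multiplying by 94,
    # so its 5,358 and 503,652 differ slightly from the unrounded rows.
    rows = [("500,000 iterations", 500_000, 0),
            ("657,450 iterations", 657_450, 0),
            ("500,000 + 1 character", 500_000, 1),
            ("500,000 + 2 characters", 500_000, 2)]
    for label, iterations, extra in rows:
        print(f"{label:24s}{crack_years(iterations, extra):>12,.0f} years")
```

Raising the iteration count from 500,000 to 657,450 multiplies the attacker's work by about 1.3, while one extra character from a 94-symbol set multiplies it by 94.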

Creating the encryption key and volume

VeraCrypt uses sources of randomness available in both the operating system and the hardware, and adds that randomness to your password. It then asks you to move your mouse randomly to create even more randomness, to make any possible hack of its system impossible. It only seems to add random mouse movements within its window.

Take a moment or two to consider your file format. FAT is very old and has limitations, like no files over 4 GB. But it is extremely compatible with all systems. exFAT is the newer, improved FAT, and it can be understood by all newer operating systems except some versions of Android. By newer, I mean within the last 10 to 15 years. NTFS is a good choice if you are only going to work with Windows systems. However, exFAT is the most likely to get corrupted, as FAT maintains two file allocation tables while exFAT only maintains one. NTFS is the most resilient because it is a journaling file system. If you only need Windows compatibility, choose NTFS; otherwise, if you don't need huge files, I recommend FAT. Leave the rest of the settings on their defaults.

Move your mouse around randomly for 30 to 60 seconds to add to the randomness VeraCrypt gets from the operating system and hardware. When you are tired of moving the mouse, click Format. VeraCrypt will write random gibberish into your vault, along with the information your operating system needs to treat the mounted volume as a drive. On the next screen, click OK, then Exit.

Using the volume

To use your new VeraCrypt volume, just:

  1. Choose a drive letter
  2. Find your VeraCrypt file (volume). Since I let VeraCrypt remember my history, it will remember the last file used.
  3. Choose Mount
  4. Minimize the VeraCrypt Menu screen
Mounting a VeraCrypt volume

I always want to choose a drive letter at the end of the alphabet. I use V for VeraCrypt. Once you've mounted the volume, it will appear to Windows as a new drive, like an internal thumb drive. You can now move your private files and folders onto that drive. All software will be able to access and work on those files.

When you are done using the private files and folders, remember to dismount the virtual drive. The Mount button on the main menu will now say Dismount. When the software you are using saves files or records to the files inside the VeraCrypt volume, they are saved in memory, encrypted, and written to disk. So, you are largely protected. But things can go wrong, so it is good practice to dismount your volumes when you are done with them so everything is written to disk and all caches are flushed. This is the proper and safe way to do it.

None of your VeraCrypt files are ever written to disk unencrypted.

Auto-Unmount

Most of VeraCrypt's defaults are fine. But there is one setting you should think about. Under Settings, then Preferences, there are various options that you probably don't want to change. However, I do suggest you either change or at least consider the Auto-Unmount preferences. Auto-Unmount will dismount your encrypted volume and make sure everything is written and encrypted on the disk. Remember, if it is mounted, anyone can come in and copy the files to a flash drive or anywhere else. In memory, they are not encrypted. Your system isn't secure again until you dismount your volume. VeraCrypt will force a dismount when you log off or the system shuts down. But there are other options here as well. I have it auto-unmount if I stop using the computer for 60 minutes.





Date: August 2025


Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

 
 