The innovation engine for new materials

Encryption

Windows 10 
Turn on device encryption: Device encryption helps protect your data by encrypting it. Only someone with the right encryption key (like a password) can decrypt it.
 
1. Sign in to Windows with an administrator account.
2. Go to Start, enter encryption, and select Change device encryption settings from the list of results.
3. Select Manage BitLocker, select Turn on BitLocker, and then follow the instructions.
 
Windows 7
To turn on BitLocker Drive Encryption on an operating system drive
1. Click Start, click Control Panel, click System and Security, and then click BitLocker Drive Encryption.
2. Click Turn On BitLocker for the operating system drive. BitLocker will scan your computer to make sure that it meets the BitLocker system requirements. If your computer meets the requirements, BitLocker will inform you of the next steps that need to be taken to turn on BitLocker, such as drive preparation, turning on the TPM, and encrypting the drive.
If you have a single partition for your operating system drive, BitLocker will prepare the drive by shrinking the operating system drive and creating a new system partition to use for system files that are required to start or recover the operating system and that cannot be encrypted. This drive will not have a drive letter to help prevent the storing of data files on this drive inadvertently. After the drive is prepared, the computer must be restarted.
If your TPM is not initialized, the BitLocker setup wizard will instruct you to remove any CDs, DVDs, or USB drives from the computer and restart the computer to begin the process of turning on the TPM. You will either be prompted to enable the TPM before the operating system boots or in some cases you will need to navigate to the BIOS options and enable the TPM manually. This behavior depends on the BIOS of the computer. After you confirm that you want the TPM enabled, the operating system will start and the Initializing the TPM security hardware progress indicator will be displayed.
If your computer does not have a TPM, you can still use BitLocker, but you will be using the Startup key only authentication method. All of the required encryption key information is stored on a USB flash drive, which the user must insert into the computer during startup. The key stored on the USB flash drive unlocks the computer. Using a TPM is recommended because it helps protect against attacks made against the computer's critical startup process. Using the Startup key only method only encrypts the drive; it does not provide any validation of the early boot components or hardware tampering. To use this method, your computer must support the reading of USB devices in the preboot environment and you must enable this authentication method by selecting the check box Allow BitLocker without a compatible TPM in the Group Policy setting Require additional authentication at startup, which is located in the following location in the Local Group Policy Editor: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives.
3. After the TPM is initialized, the BitLocker setup wizard prompts you to choose how to store the recovery key. You can choose from the following options:
Save the recovery key to a USB flash drive. Saves the recovery key to a USB flash drive.
Save the recovery key to a file. Saves the recovery key to a network drive or other location.
Print the recovery key. Prints the recovery key.
Use one or more of these options to preserve the recovery key. For each option that you select, follow the wizard steps to set the location for saving or printing the recovery key. When you have finished saving the recovery key, click Next.
4. The BitLocker setup wizard asks if you are ready to encrypt the drive. Confirm that the Run BitLocker system check, check box is selected, and then click Continue.
5. Confirm that you want to restart the computer by clicking Restart now. The computer restarts, and BitLocker checks if the computer meets BitLocker requirements and is ready for encryption. If it is not, you will see an error message alerting you to the problem after you have logged on.
6. If it is ready for encryption, the Encrypting status bar is displayed, which shows the progress of the drive encryption. You can monitor the ongoing completion status of the disk drive encryption by moving the mouse pointer over the BitLocker Drive Encryption icon in the notification area, at the far right of the taskbar. Encrypting the drive will take some time. You can use your computer during encryption, but performance might be slower. A completion message is displayed when encryption is finished,
By completing this procedure, you have encrypted the operating system drive and created a recovery key that is unique to this drive. The next time you log on, you will see no change. If the TPM ever changes or cannot be accessed, if there are changes to key system files, or if someone tries to start the computer from a disk to circumvent the operating system, the computer will switch to recovery mode and prevent Windows from starting.
 
Mac OS
Use FileVault to encrypt the startup disk on your Mac
FileVault full-disk encryption (FileVault 2) uses XTS-AES-128 encryption with a 256-bit key to help prevent unauthorized access to the information on your startup disk.
Turn on and set up FileVault
FileVault 2 is available in OS X Lion or later. When FileVault is turned on, your Mac always requires that you log in with your account password. 
1. Choose Apple menu () > System Preferences, then click Security & Privacy.
2. Click the FileVault tab.
3. Click the Lock Locked button, then enter an administrator name and password.
4. Click Turn On FileVault.
If other users have accounts on your Mac, you might see a message that each user must type in their password before they will be able to unlock the disk. For each user, click the Enable User button and enter the user's password. User accounts that you add after turning on FileVault are automatically enabled.
Choose how you want to be able to unlock your disk and reset your password, in case you ever forget your password:
If you're using OS X Mavericks, you can choose to store a FileVault recovery key with Apple by providing the questions and answers to three security questions. Choose answers that you're sure to remember.*
If you're using OS X Yosemite or later, you can choose to use your iCloud account to unlock your disk and reset your password.*
If you don't want to use iCloud FileVault recovery, you can create a local recovery key. Keep the letters and numbers of the key somewhere safe—other than on your encrypted startup disk. 
When FileVault setup is complete, your Mac restarts and asks you to log in with your account password. Your password unlocks your disk and allows your Mac to finish starting up. FileVault requires that you log in every time your Mac starts up, and no account is permitted to log in automatically.
After your Mac starts up, encryption of your startup disk occurs in the background as you use your Mac. This takes time, and it happens only while your Mac is awake and plugged in to AC power. You can check progress in the FileVault section of Security & Privacy preferences. Any new files that you create are automatically encrypted as they're saved to your startup disk.
Reset your password or change your FileVault recovery key
If you forget your account password or it doesn't work, you might be able to reset your password.
If you want to change the recovery key used to encrypt your startup disk, turn off FileVault in Security & Privacy preferences. You can then turn it on again to generate a new key and disable all older keys.
Turn off FileVault
If you no longer want to encrypt your startup disk, you can turn off FileVault:
1. Choose Apple menu > System Preferences, then click Security & Privacy.
2. Click the FileVault tab.
3. Click the Lock Locked button, then enter an administrator name and password.
4. Click Turn Off FileVault.
5. Restart your Mac. 
After your Mac starts up, decryption of your startup disk occurs in the background as you use your Mac. This takes time, and it happens only while your Mac is awake and plugged in to AC power. You can check progress in the FileVault section of Security & Privacy preferences.