If you work with sensitive information, losing a USB drive or having your laptop stolen can be a real headache. encrypted with VeraCrypt It is one of the most reliable ways to prevent anyone from snooping on your data even if they have physical access to the device.
In this article you will see, step by step, How to encrypt files, folders, USB drives, and entire disks with VeraCryptWhat types of volumes you can create (including hidden ones), how it differs from other solutions like BitLocker or 7-Zip, and what role it plays in professional and corporate environments where data protection is not optional.
From TrueCrypt to VeraCrypt: why the landscape changed
For years, TrueCrypt was the go-to program for encrypting disks and containers, but its last stable version was in 2012, and the developers themselves announced in 2014 that They stopped continuing the project., recommending the use of BitLocker or other alternatives and even warning of possible security flaws.
The final version of TrueCrypt (7.2) only allows decipher volumes already createdIt is not possible to generate new containers or encrypt disks from scratch, so as of today it is not a valid option for protecting new data.
Following that abandonment, an independent group of developers launched VeraCrypt as a fork of TrueCryptMaintaining the original idea but correcting vulnerabilities, strengthening security, and adding new features. Many experts suspected that agencies like the FBI or the NSA may have influenced the "shutdown" of TrueCrypt, precisely because of the difficulty involved in decrypting information protected with this software.
Over the years, VeraCrypt has established itself as the natural successor to TrueCryptIt receives constant updates, integrates modern encryption and hashing algorithms, improves performance, and remains an open-source project.
Furthermore, it is totally multi platformIt works on Windows, Linux, and macOS, allowing the same encryption scheme to be used across different systems. Its goal is clear: to prevent any third party without the correct key from reading the files on a given disk, partition, or container.
Key features of VeraCrypt
VeraCrypt is much more than “a program to password-protect a folder”. key functions They allow you to cover almost any encryption scenario you might need, both personally and professionally.
- Encrypted containers (virtual disks)You can create a file that acts as an encrypted "virtual hard drive". When mounted with VeraCrypt, it appears as a new drive on the system; when unmounted, it reverts to a simple file unreadable without the key.
- Full encryption of removable devicesIt can encrypt an entire USB drive, SD card, or external hard drive. Windows will see the drive as unformatted and prompt you to format it, but in reality, all the content will be encrypted and can only be opened through VeraCrypt.
- Encrypting individual partitionsIf you don't want to encrypt an entire device, you can encrypt only one of its partitions, keeping others unencrypted for general use.
- Encrypting the system partition or disk: allows you to protect the disk where Windows is installed with pre-boot authentication, in a function similar to BitLocker but with the open-source philosophy of VeraCrypt.
- On-the-fly encryptionEncryption and decryption are done in real timeThis is transparent to the user. You copy files to the encrypted volume as if it were a normal disk, and they are automatically encrypted.
- Hardware accelerationIf you choose AES and your processor supports AES-NI, encryption is hardware accelerated, with very high read and write speeds even at large volumes.
- Hidden volumes: offers the possibility of creating a volume "within" another, so that you can reveal the password of the external volume in case of duress without it being possible to prove that there is another more sensitive volume inside.
With this range of possibilities, VeraCrypt adapts to both basic use to protect a sensitive file, such as advanced schemes in companies, activists, journalists or public administrations.
Effectiveness and advantages of VeraCrypt compared to other options
One of VeraCrypt's greatest strengths is that it uses robust cryptographic algorithms such as AES, Serpent, Twofish, Camellia or Kuznyechik, in addition to allowing cascaded combinations to further increase security.
The program uses XTS mode for disk encryption and PBKDF2 key derivation with a large number of iterations, which greatly complicates brute-force attacks on the password.
Your condition of free and open source software It adds an extra layer of transparency: the code is available for independent audits. In fact, companies and organizations such as QuarksLab and the German BSI have reviewed VeraCrypt, detecting and helping to correct vulnerabilities in previous versions.
Compared to TrueCrypt, VeraCrypt incorporates significant security improvements: correcting errors in the EFI boot manager, strengthening the protection of hidden volumes, increasing the number of iterations in key derivation, and constantly patching any reported problems.
On a practical level, it stands out for its relative ease of useThe interface isn't as "pretty" as some other commercial solutions, but the volume creation wizard guides the steps well and allows users without advanced skills to configure it after a short learning curve.
Most relevant pros and cons
Before you rush to encrypt half a disk, it's worth considering the main advantages and disadvantages from VeraCrypt to see if it fits your case.
Among the clearest advantages, we find a completely free toolIt's license-free, open-source, and offers a very high level of security. It runs on Windows, Linux, and macOS, is available in Spanish, and offers several encryption algorithms to choose from.
On the downside, it requires a minimum of knowledge To avoid making a mistake: the assistant helps, but it's not as simple as those apps that encrypt a single file with two clicks. Also, for protecting individual files, it might be less convenient than an encrypted ZIP file if you only want to send a single document.
Download, installation, and portable mode
VeraCrypt is downloaded exclusively from its Official Site, where the versions for Windows, Linux, macOS, FreeBSD appear and even the source code for anyone who wants to audit or compile.
After downloading the installer on Windows, a wizard is launched that allows install the program on the system or extract it in "portable" modeIf your goal is to encrypt the system disk or its partition, installation is mandatory; for encrypting USB drives or external disks, portable mode is very practical.
Using portable mode lets you copy the VeraCrypt executable itself to an unencrypted part of the USB driveso that you can decrypt your data on any PC without having to install the program there.
During the standard Windows installation, you can choose whether to create shortcuts on the desktop and Start menu, and upon completion, a beginner's guide Highly recommended for understanding the basics of volumes, containers, and full system encryption.
On Linux, it's usually distributed as a compressed file that includes console and graphical interface versions for 32-bit and 64-bit architectures. After downloading it, the ideal thing to do is verify SHA512 checksum using the appropriate command and compare it with the one published by the project, making sure that the file has not been manipulated.
Once integrity is verified, the files are extracted and the installer is run (from a graphical environment or terminal, depending on the distribution). The wizard will display the license, request the user password, and will copy the VeraCrypt binaries to the systemAfter that, it will appear in the applications menu like any other program.
Creating a “normal” encrypted volume (container)
The first typical use of VeraCrypt is to generate a encrypted container filewhich will then be set up as a virtual disk where you can store your confidential files.
In the program's main window, select a free drive letter and click on “Create Volume”The assistant will ask you what you want to create, and you must select the appropriate option. “Create an encrypted file container”.
In the next step, choose “Create a common VeraCrypt volume”, leaving the hidden mode for later. Then tap on “Select file” and decide where the container will be stored (for example, on the Desktop or on an external disk), giving it an identifiable name.
Once the route has been chosen, it's time to select the symmetric encryption algorithm and the hash algorithmBy default, VeraCrypt proposes AES for encryption and SHA-512 for hashing, very secure configurations these days.
If your CPU supports AES-NI, AES will generally be the fastest and most recommended optionYou can use the program's "Comparison" or "Benchmark" function to measure the performance of different algorithms on your computer and confirm which one is the most efficient.
Regarding the hash, SHA-512 offers excellent security; however, SHA-256 is usually a good balance between security and speed, and in current equipment the practical difference is minimal.
The assistant will now ask you to indicate the volume sizeYou can express it in KB, MB, GB, or TB. Next, you must define the authentication: password, key file, or a combination of both. The password must be long and complex; if it is too short, VeraCrypt will warn you that it could be vulnerable to brute-force or dictionary attacks.
In this phase you can also activate the use of key fileThis tool converts any file (for example, an image or an MP3) into part of the "password." You can even generate a new key file using random mouse movements for a few seconds.
Next, you will have to choose. the volume's internal file systemUse FAT if you won't be storing files larger than 4 GB, or exFAT/NTFS if you'll be storing large files. Before formatting, move your mouse within the VeraCrypt window until the entropy bar turns green; this increases the randomness of the internal keys.
When you click "Format," the volume creation process will begin; this may take anywhere from a few seconds to several minutes depending on the size and speed of your drive. Once finished, the wizard will display a success message, and you can close it by clicking "Exit."
Mounting and dismounting the encrypted volume
Once the container has been created, the next step is Install it so you can work with your filesFrom the VeraCrypt main window, choose a free drive letter, click "Select File", point to the container and click "Mount".
The program will ask you for the password and/or key file that you configured. If the data is correct, the container will be mounted as a new drive (for example, “Local Disk E:”) that you will see in File Explorer.
Everything you copy into that drive will be saved real-time encryptionWhen finished, simply click on “Unmount” or “Unmount all” in the VeraCrypt interface; the drive will disappear from the system and the container file will once again be unreadable without the key.
Hidden volumes: plausible negation
One of VeraCrypt's most powerful (and little-known) features is the ability to create a hidden volume within anotherdesigned for situations where you may be forced to reveal a password.
The idea is simple: the “external volume” has a password (for example, 112233) and contains reasonably sensitive, but not critical, data. Within that same file, there is a hidden volume with a different password (for example, 11223344) where you will store the really sensitive information.
If someone demands the password, you can reveal the one from the external volume and assemble only that part. The existence of the hidden volume is cryptographically undetectable, so the attacker cannot prove that there is anything else.
To create it, go back to “Create Volume”, choose “Create an encrypted file container” and this time select “Hidden VeraCrypt Volume”Using the wizard's normal mode, the external volume is first configured (encryption, hash, size, password, and file system), formatted, and then the wizard guides the creation of the internal volume with its own configuration.
It is crucial to leave sufficient free space within the external volume This is to prevent the data you put there from overwriting the area where the hidden volume resides. For example, if the container is 50 MB and the hidden volume is 25 MB, you shouldn't fill the external volume beyond about 24-25 MB to avoid overloading the internal one.
Mounting is done as usual: select the container file, choose the drive, and click "Mount". According to the password you enterThe external or hidden volume will be mounted, without the system or an external observer being able to distinguish it.
Encrypt USB devices, SD cards, and external hard drives
If you usually carry sensitive data on USB drives or external hard drives, the wisest thing to do is encrypt the entire unitThat way, if you lose it or it gets stolen, nobody will be able to read the contents.
With the memory card connected, open VeraCrypt and press “Create Volume”This time choose “Encrypt partition/secondary drive”, since this is a device that does not contain the operating system.
The assistant will allow you to choose between a common volume or a hidden volume; if it's your first time, a regular volume is usually sufficient. Then click "Select device" and choose the partition corresponding to the USB drive or external hard drive (for example, drive E: with 3,7 GB).
VeraCrypt offers two modes: “Create an encrypted volume and format it” (Erases everything and is faster) or “Encrypt partition while preserving data” (Keeps the content but takes much longer). If you don't need to keep anything, the simplest option is a full format.
Then, just like with the container, you configure the encryption algorithm and hashYou define the authentication (password and/or key file), move the mouse to generate entropy, and click "Format." The process can take anywhere from a few minutes to considerably longer, depending on the device's capacity and speed.
When finished, Windows will warn you that the drive is not accessible and suggest formatting it. You must always cancel that message and mount the memory through VeraCrypt, selecting the device, assigning a drive letter, and entering the password. You will see something like “USB Drive E:” (physical hardware) and “Local Disk F:” (mounted encrypted volume) in the system.
When you're finished using it, return to the VeraCrypt interface and use “Dismount” or “Dismount all” before physically removing the USB drive to avoid corrupting data.
Full encryption of the operating system in Windows
VeraCrypt also allows Encrypt the partition or the entire disk where Windows is installedThis includes the system, programs, and user files. This process requires more care, but it strengthens security on laptops and devices susceptible to theft.
The first thing, before touching anything, is make a full backup of your PC with tools like Acronis True Image or similar, and assume that if you forget the boot password you could lose access forever.
In the main window, click on “Create Volume” and select “Encrypt the entire system partition/drive”The assistant offers two modes: “Normal” (standard encryption) or “Hidden” (a hidden operating system within a visible one, intended for extreme cases of coercion).
In most scenarios, the mode is sufficient. normalYou will have to choose whether to encrypt only the Windows partition or the entire disk; if you have several operating systems in multi-boot configuration, the wizard will ask for the settings, but on most home computers it is enough to select “Single boot”.
Then you define the encryption algorithm, hash, and password or cryptographic keyVeraCrypt generates the internal keys and proposes creating a Rescue Discwhich should be kept safe to recover the boot in case of physical problems or bootloader corruption (provided you remember the password).
The assistant also allows you to set a secure deletion policy for files deleted within the encrypted system, using different overwriting methods to reinforce privacy.
Before proceeding to the actual encryption, VeraCrypt performs a boot testIt configures the bootloader, restarts the computer, and prompts you to enter your password. If everything works correctly, Windows will start normally, and the program will begin encrypting the disk in the background. During this time, you can continue using your computer, although it will be somewhat slower.
From that moment on, every time you turn on your PC you will see a VeraCrypt prompt before Windows loadsOnly someone who knows the password will be able to start the system.
Other ways to encrypt files and folders in Windows
Although VeraCrypt is very complete, in Windows 10 and later versions there are other encryption options which may be simpler for specific cases.
One of them is the integrated encryption of the system itselfSimply create or select a folder, right-click → Properties → Advanced options and check “Encrypt contents to protect data”. The files in that folder will appear with a yellow padlock, indicating that Only your Windows account can read them.
However, when you have an open session, the system automatically decrypts those files, so if someone accesses your session without locking it, they will be able to see them. This encryption is primarily used to prevent... other local team accounts access that data.
Another popular alternative is to use a ZIP file encrypted with 7-ZipThis free compressor lets you create password-protected .7z or .zip files using AES-256 encryption. It's very handy for sending one or more documents protected by mail or store them temporarily, although it does not replace a disk or volume encryption scheme like VeraCrypt.
There are also specific programs such as Anvi Folder Lockerwhich offer encryption, folder hiding, and password protection through a very guided interface, although in return you lose the transparency and auditability of an open source solution.
Encrypting USB drives in Ubuntu using system tools
If you use Linux, specifically Ubuntu, you don't necessarily need VeraCrypt to encrypt a USB driveThe system itself offers a simple option from the "Disks" utility.
With the USB connected, open "Disks" and select the corresponding drive. Press the button setting and select “Format Volume”. In the formatting dialog box, select the option to deletion (e.g., overwriting with zeros) and as volume type select “Encrypted, compatible with Linux systems (LUKS + Ext4)”.
The assistant will ask you for a name for the volume and a strong passwordUbuntu will visually indicate the strength of the key: uppercase and lowercase letters, numbers and symbols combined randomly are the best recipe.
Clicking "Format" will begin the complete erasure and encryption of the drive, a process that may take a few minutes depending on its capacity. Once finished, Ubuntu will prompt you to format the drive each time you connect it. LUKS password before mounting it and viewing files.
Why encrypt your files and devices?
Encryption isn't just "for paranoid people"; there are many everyday scenarios in which Having the data clear is an unnecessary riskboth in personal and professional settings.
If you upload documents to the cloud (Google Drive, Dropbox, OneDriveetc.), you must assume that security breaches can occur or unauthorized access by administrators or attackers. Encrypting files before uploading them, for example with a VeraCrypt container, adds an extra layer of protection that is vendor-independent.
On shared computers, whether at home or at work, encrypting certain folders or volumes prevents... other users with physical access the computer can read documents that are not intended for them.
From a cybersecurity perspective, encryption reduces the impact of Trojans, ransomware, or remote intrusionsEven if an attacker manages to gain access to the system, it will be much more difficult for them to understand or exfiltrate the information if it is protected with strong encryption.
In the professional world, many laws and regulations They require encrypting personal and sensitive data: the LOPD and the General Data Protection Regulation (GDPR) in Europe, the CCPA in California or Law 25.326 in Argentina contemplate encryption as a recommended technical measure or directly mandatory depending on the type of information processed.
Companies in sectors such as banking, healthcare, public administration, law firms, or trade secret protection They are required to apply high levels of security, including encrypting portable media, employee laptops, internal whistleblower files, and other critical repositories.
Even in everyday use, encrypting USB drives and portable hard drives reduces potential damage if You lose one of these devicesWithout encryption, anyone who finds it has access to everything; with VeraCrypt or LUKS, they will only see unintelligible data.
Risks and disadvantages of encryption (and how to mitigate them)
Encryption has many benefits, but it is not without its drawbacks. risks and tolls that you need to be very clear about before launching.
The greatest danger is losing the password or the key fileIf you forget that information, there is no "magic button" to recover data: the encryption is precisely designed so that no one without the key can access it, not even the software author.
Another consequence is the impact on performanceAlthough with modern hardware and AES-NI it is usually manageable, encrypting large volumes or entire disks involves more CPU load and a slight decrease in read/write speed, particularly if you choose very heavy or cascaded algorithms.
There are also issues of compatibilityNot all systems understand all encryption formats and methods. Moving VeraCrypt volumes between different operating systems requires having the program installed (or in portable mode) on all of them, which can be a drawback in certain environments.
There is also a risk of data corruptionIf an encrypted volume suffers header or critical sector damage, you might lose not just a single file, but the entire container. This underscores the importance of creating backups and using VeraCrypt's "Backup Volume Header" feature.
Finally, many encryption methods rely on a specific software for decryptionIf in a few years that program stops working on modern systems or if there isn't a compatible version, you could find yourself with volumes you can't open. In this respect, VeraCrypt has been active for years and has a strong community behind it, which significantly mitigates this risk.
VeraCrypt in the corporate and professional world
Beyond domestic use, VeraCrypt is a A very interesting tool for companies, NGOs, and professionals who handle sensitive information and need to maintain strict control over who accesses what.
Being operating system independent and using standards such as AES, Serpent, Twofish and robust hash functions, it complies with the recommendations from many universities and security agencies who advocate for auditable solutions based on industry-accepted algorithms.
In a serious corporate implementation, the first step is identify and classify the assets: what equipment, disks and data types require encryption (e.g., sales laptops, backup disks, external drives leaving the office, etc.).
From there they are defined internal encryption policies such as “all external devices leaving the corporate perimeter must be encrypted with VeraCrypt” or “laptops containing customer data must have their system partitions encrypted.” Criteria are also set for minimum password strength, the use of key files, and parameters such as the PIM (Personal Iterations Multiplier), which further strengthens key derivation.
The deployment can be automated by scripts or administration tools such as Microsoft SCCM, Intune, Ansible, etc., using silent installations and XML configuration files to standardize settings across all computers.
A good one is essential management of header backups and rescue disksas well as integration with corporate password managers (KeePassXC, Bitwarden Enterprise, Vaultwarden, etc.) so that the IT department can manage access without resorting to loose sheets or insecure notes.
La internal training It is also key that users learn how to mount and unmount volumes, how not to disconnect a device without first unmounting it, how not to share passwords, and how to use hidden volumes correctly, if applicable.
In terms of regulatory compliance, the use of VeraCrypt helps to demonstrate diligence in the protection of data against audits and supervisors, fitting within frameworks such as ISO 27001, NIST or the GDPR itself, which mentions encryption as a recommended technical measure.
Secure password and key management
The strength of VeraCrypt depends on both the algorithm used and how you manage your passwordsAn excellent encryption scheme with a weak or poorly stored password is a house of cards.
To begin, the keys must be generated with cryptographically secure methods and with suitable lengths (e.g., AES-256) that make brute-force attacks impractical.
Never keep the password next to the encrypted volumeNor should it be stored in a text file on the USB drive itself. Use robust password managers or key management systems (KMS), and if the security level warrants it, hardware devices such as HSMs.
In corporate environments, it is advisable to define roles and permissions clear rules about who can create, read, rotate or revoke keys, and keep logs of all those events for auditing purposes.
schedule a periodic password rotation Having clear revocation procedures in place for any suspected leaks helps to limit the damage in the event of an incident.
Backups of keys, volume headers, and rescue disks must be stored in separate and safe placesnever on the same device they encrypt. Automated tools for managing the key lifecycle reduce human error and operating costs.
Comparison with other encryption solutions
The enterprise encryption ecosystem offers a wide variety of solutions, and it's important to be clear about which ones to use. What does VeraCrypt offer compared to alternatives? such as BitLocker, Symantec Endpoint Encryption or NordLocker.
Compared to BitLocker, VeraCrypt stands out for its open source, auditability and cross-platformIt offers advanced features such as hidden volumes and does not depend on Windows integration. In contrast, BitLocker usually has a improved performance and integration with TPM and Active Directory, and its centralized deployment is more convenient in pure Windows networks.
Compared to commercial suites like Symantec Endpoint EncryptionVeraCrypt lacks a corporate management console, centralized policies, or paid support, but it gains in flexibility, cost (it's free), and technical transparency.
Compared to tools like North LockerFocused on file encryption and cloud synchronization with a zero-knowledge architecture, VeraCrypt is more focused on disk and full volume encryption, with greater control over local infrastructure.
NGOs, activists, journalists, and tech SMEs often find a solution in VeraCrypt. Powerful, license-free, and with technical guarantees to protect data on laptops, USB drives, and backups, even for extended periods of time.
In short, if you're looking for a balance between strong security, transparency, and flexibility, VeraCrypt is a very solid piece of protection. files, folders, USB drives and entire disksprovided you take your share of responsibility for the secure management of passwords, backups, and updates. Share the information and more people will know about the topic..