How To Encrypt A Device | Android, Windows, and iPhone

Device encryption hides your data behind unreadable code that only your passcode or recovery key can unlock, and the steps vary by operating system.

A phone left in a taxi or a laptop stolen from a coffee shop turns your private data into someone else’s find — unless the device was encrypted before it disappeared. How to encrypt a device depends on the operating system, but the result is the same: your files, photos, and messages become unreadable code that only your passcode or recovery key can unlock. This guide walks through the exact steps for Android, Windows, and iPhone, plus the pitfalls that can erase everything if you skip the prep.

What Is Device Encryption?

Encryption converts your stored data — apps, accounts, documents, everything — into scrambled ciphertext that is gibberish without the correct decryption key. On a phone or laptop, that key is your lock-screen PIN, pattern, password, or a recovery key tied to your account. Once encryption is on, anyone who powers up the device without your credentials sees nothing usable. Google’s cloud security team defines encryption as protecting data by turning it into code that only the right key or password can unlock.

Built-in device encryption is available on most modern phones and computers. The catch: it is not always turned on by default, and on some platforms you have to flip a specific setting to activate it. Each OS handles the process a little differently.

How To Encrypt An Android Phone Or Tablet

Android includes a built-in encryption tool, but the menu path depends on which version of Android your device runs. On both older and newer versions, you need to set a secure lock screen before encryption becomes available.

For devices running Android 5.0 through 6.0, open Settings > Security or Security & Location > Screen lock. Choose a Pattern, PIN, or Password, then select Require to start device. The first time you enable that option, the phone begins encrypting itself. You will need to leave it plugged in and set aside an hour or more — the process cannot be interrupted without risking data loss.

On Android 4.4 or lower, go to Settings > Security & Location > Encryption > Encrypt phone/tablet, enter your lock-screen credentials when prompted, and confirm. The device will restart and encrypt, showing a progress indicator.

Critical warnings from Google’s official guide: schedule the encryption when you do not need the device for at least an hour, keep it plugged in the whole time, and back up everything first. If the battery dies or the process is interrupted, you could lose data. After encryption on older Android versions, turning it off requires a factory data reset, which erases everything. Users of accessibility services like TalkBack should also know those tools will not be available at startup — you must enter your PIN or password unaided at boot.

| Platform | How To Start Encryption | Key Requirement |
| --- | --- | --- |
| Android 5.0–6.0 | Settings > Security > Screen lock > Require to start device | Pattern, PIN, or password set; device plugged in; backup done |
| Android 4.4 or lower | Settings > Security & Location > Encryption > Encrypt phone/tablet | Lock-screen credentials set; battery above 80% or plugged in |
| Windows 10 | Settings > Update & Security > Device encryption > Turn on | Administrator account; hardware support; BitLocker-capable device |
| Windows 11 | Settings > Privacy & Security > Device encryption > Toggle On | Administrator account; hardware support; BitLocker-capable device |
| iPhone / iPad | Set a passcode — hardware encryption activates automatically | Passcode or Face ID / Touch ID enabled; iOS 4+ on compatible hardware |
| Removable media | Use AES encryption via third-party tool or OS disk utility | Compatible tool; strong unique password; backup before encrypting |

How To Encrypt A Windows PC

Windows calls its built-in encryption Device encryption, and it uses BitLocker technology to encrypt the operating system drive and any fixed drives automatically. The feature is available on many Windows 10 and Windows 11 devices, but not all hardware supports it.

To turn it on, sign in with an administrator account. On Windows 11, open Settings > Privacy & Security > Device encryption and toggle the switch to On. On Windows 10, the path is Settings > Update & Security > Device encryption. If you do not see the option, your device may not support it, or you may not be signed in as an administrator.

To check whether your PC can use Device encryption, open System Information and look for Automatic Device Encryption Support or Device Encryption Support. If it reads “Supported,” the feature is available. If it is missing, the hardware or firmware does not meet the requirements. Microsoft’s Device encryption documentation spells out which editions and hardware configurations qualify.

Once toggled on, the encryption runs in the background. You can keep using the computer while it works. After completion, the toggle shows On, and the system drive appears as encrypted in BitLocker management tools. If you ever need to turn Device encryption off, you can do so from the same settings screen — no factory reset required.
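
To confirm from a command line that each drive really finished encrypting and has a recovery key to back up, here is an added example (not from the original page or from Microsoft's documentation) built on the `Get-BitLockerVolume` cmdlet. The function name `Test-VolumeEncryption` is hypothetical, and the script assumes the BitLocker PowerShell module is present on your edition of Windows.

```powershell
#Requires -RunAsAdministrator
# Added example: report the encryption state of every volume Windows knows about
# (system drive, fixed data drives, and any BitLocker-protected removable drive).

function Test-VolumeEncryption {
    param([Parameter(Mandatory)] $Volume)

    $issues = @()

    # "On" in Settings is not enough: the drive must have finished encrypting.
    if ($Volume.VolumeStatus -ne 'FullyEncrypted') {
        $issues += "status is $($Volume.VolumeStatus) ($($Volume.EncryptionPercentage)% encrypted)"
    }

    # ProtectionStatus is Off when encryption is not enabled or has been suspended.
    if ($Volume.ProtectionStatus -ne 'On') {
        $issues += 'protection is Off (not enabled, or suspended)'
    }

    # A RecoveryPassword protector is the recovery key you are expected to store
    # somewhere separate from the device.
    $types = @($Volume.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    if ($types -notcontains 'RecoveryPassword') {
        $issues += 'no recovery password protector, so there is no recovery key to back up'
    }

    [pscustomobject]@{
        Drive      = $Volume.MountPoint
        Type       = $Volume.VolumeType
        Method     = $Volume.EncryptionMethod
        Protectors = ($types -join ', ')
        Issues     = if ($issues) { $issues -join '; ' } else { 'none' }
    }
}

Get-BitLockerVolume |
    ForEach-Object { Test-VolumeEncryption -Volume $_ } |
    Format-List
```

A drive is in the state this guide describes only when `Issues` reads `none`; anything else names what still needs attention on that volume.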

Does Your iPhone Need Manual Encryption?

iPhones and iPads with an A4 or M-series chip use hardware-based encryption that is always active — there is no separate “encrypt now” toggle to flip. Starting with the iPhone 3GS, Apple included a dedicated encryption engine in the hardware. Once you set a passcode, Face ID, or Touch ID, authenticating is what unlocks the data that this hardware encryption protects.

For personal devices, setting a strong alphanumeric passcode in Settings > Face ID & Passcode or Touch ID & Passcode is all it takes. The encryption is built into the Secure Enclave and cannot be disabled as long as the device is locked with a passcode. On managed or corporate devices, MDM profiles can enforce additional encryption policies or require specific security configurations, but the core hardware encryption is always present.

The practical result: if your iPhone is locked with a passcode and the device is running iOS 4 or later, the data on it is encrypted at rest. No separate step is needed.

How To Encrypt Removable Media And USB Drives

USB drives and external hard drives are often the weak link. They move between computers and are easily lost, making encryption more essential than on a device that stays in your bag. UC Berkeley’s security guidelines recommend using AES (Advanced Encryption Standard) whenever possible for removable media, and never reusing passwords from other systems or storing the password with the drive itself.

After encrypting a removable drive, verify that the encrypted copy works before deleting the original, securely erase the unencrypted version using a wiping tool, and label the media with the title, data owner, and encryption date. Store it in a locked location when not in use.

| Mistake | What Goes Wrong | How To Avoid It |
| --- | --- | --- |
| Skipping a backup before encryption | Interruption or error during encryption can corrupt the data permanently | Back up everything to another drive or cloud service before starting |
| Letting the battery die during Android encryption | Partial encryption can cause total data loss | Keep the device plugged in for the full duration; start with a full charge |
| Forgetting that older Android encryption requires a factory reset to undo | Users enable encryption not realizing they cannot reverse it without wiping the device | Know before you start: on Android 6.0 and earlier, decryption = factory reset |
| Not checking Windows hardware support first | Wasted time hunting for a feature the device does not have | Check System Information for “Device Encryption Support” before attempting |
| Using the same password for encrypted media as other accounts | A compromised password from another service can unlock the media | Use a unique, strong passphrase for each encrypted drive |
| Storing the encryption password with the drive | Anyone who finds the drive also finds the key | Store the password in a separate password manager or offline vault |

Common Encryption Mistakes That Wipe Data

Encryption is safe when done correctly, but a few common errors turn the process into a data-loss event. Skipping a backup is the most frequent — an unexpected power loss or software hiccup can corrupt a partially encrypted drive, and without a backup the data is gone. Google and UCSF’s IT guidance both stress copying everything first and verifying the copy before touching the original.

Interrupting Android encryption is the second most common. Google’s own instructions warn that if the process is interrupted, you might lose information on the device. The fix is simple: plug the device in, schedule the encryption when you won’t need the phone for an hour, and do not touch it until the progress bar finishes.

On older Android versions, turning encryption off requires a factory data reset, which erases all data. Anyone encrypting an older device should be certain they want it permanent before starting. For users who rely on accessibility services such as TalkBack or Bluetooth-paired accessibility hardware, note that those services will not be available at boot — the PIN or password must be entered manually before assistive tools load.

Keeping Your Encrypted Device Safe Long-Term

Encryption is only as strong as the credentials that protect it. A weak PIN or a shared password undermines the whole system. Use a strong screen lock — at least six digits on a phone, a full password on a laptop — and keep the device updated with the latest OS security patches, which fix vulnerabilities that could bypass encryption entirely.

Back up your data regularly on a schedule, not just before major changes. Maintain good key management if you use recovery keys: store them in a password manager or a safe place separate from the device. An encrypted device with a lost recovery key is a brick — the data is perfectly safe from thieves and equally unreachable by you. Taking those few extra steps at the start means the difference between a secure device and a locked-out one.
