Encryption is a method of securing data by scrambling the bits of a computer's files so that they become illegible. The only method of reading the encrypted files is by decrypting them with a key; the key is unlocked with a password.

Available To 
Students, Faculty, Staff, Affiliates

Benefits and key features

Whole disk encryption protects everything on a disk drive – including the operating system. Even files you may not know about that keep exact copies of data that you've been working on, such as temporary files are encrypted.

  • Data is protected while a computer is turned off or in sleep mode, as long as the hard disk is password protected.
  • Most useful on hardware that is likely to be lost or stolen (e.g., laptops and USB drives), but can be enabled on desktops as well.
  • A key recovery process is available for managed computers in the WIN.MIT.EDU domain in the event of a lost password.
  • The whole disk can be decrypted with the assistance of a local IT administrator.
  • Users who are not in the WIN.MIT.EDU domain must save their password and key in a safe place, such as LastPass.
  • Encryption does not protect a machine against malware.


Windows 7, 8, or 10
Mac OS X 10.9 or later

Getting started

Note: Visit Encryption at MIT to learn about options and recommendations. Contact the Service Desk if you are unsure whether you should be using whole disk encryption for compliance with data security regulations.