6 Popular Operating Systems Offering Encryption by Default

Popular operating systems are increasingly using encryption by default, giving everyone the benefit of encryption without the hassle. This helps protect your data from device thieves.

In some cases, this encryption is automatically enabled. In other cases, it’s offered as an easy option you can enable with a single click in the operating system’s installer or first-time setup wizard.

Windows 8.1

Windows 8.1 offers a default encryption feature known as “device encryption.” This only works on new hardware that comes with Windows 8.1 as well as other required hardware features.

Overall, this is the least useful type of encryption here. It won’t work on all Windows 8.1 systems, especially ones you’ve upgraded to Windows 8.1 from an older version of Windows. It also forces you to send a copy of your recovery key to Microsoft (or your organization’s exchange server), so this type of encryption is vulnerable to social-engineering attacks as well as law enforcement requests.

Still, device encryption is at least better than no encryption at all. Professional editions of Windows offer BitLocker, but it isn’t enabled by default — you’ll need to get a more expensive edition of Windows and go out of your way to enable it.

Mac OS X 10.10 Yosemite

Mac OS X Yosemite wants you to set up encryption by default when you install it. All drives are now automatically prepared for FileVault encryption, and you’re prompted to enable it when you set up a new Mac.

The Mac’s FileVault feature allows you upload a copy of your recovery key to Apple so you can recover your files via your Apple ID if you ever lose your password. However, unlike with Windows 8.1’s encryption, this feature isn’t mandatory. You can choose to print out your recovery key or store a digital copy somewhere locally.

Linux

Linux distributions often offer easy encryption, too. It’s not necessarily enabled by default, but you’re prompted to enable it with a quick checkbox while installing your Linux distribution of choice. For example, Ubuntu prompts you to enable encryption when you install it. Other Linux distributions generally provide a similar option in their installers.

Chrome OS

Chromebook’s storage is encrypted by default, too. This prevents people from accessing the data on them without your Google password, offering more security. Of course, if someone could change your Google password via a social-engineering attack, they’d be able to gain access to your files — but it isn’t designed to protect against that. It’s just an easy-to-use layer of encryption that makes your Chromebook more secure, even if you have sensitive business documents in your Downloads folder or sensitive emails cached online.

iOS 8

iOS 8 uses encryption by default. Your data is protected with your passcode — either a four-digit PIN or a password of any length. This is used along with your iPhone or iPad’s UID to encrypt your data, so an attacker would have to attempt to brute-force your passcode on the device itself. They can’t just remove its storage, connect it to a computer, and attempt to brute-force your short passcode from there.

This “data protection” is enabled by default, but it’s activated only when you enter a PIN or other device-unlocking passcode. If you didn’t require a PIN, it wouldn’t help you — anyone could just boot your phone or tablet right up.

Android 5.0 Lollipop

After years of offering an optional encryption feature, the latest version of Android — Android 5.0, also known as Android L or Android Lollipop — will now enable encryption by default. Like iOS, Android reuses the lock screen passcode for this. Your passcode can be a four-digit PIN, but it could also be a longer password. In an improvement from Android 4.4’s encryption, Android 5.0 uses a hardware-based credential to make this stronger, so brute-force attempts would have to take place on the device itself. You can’t just pop out an Android device’s storage and attempt to crack the user’s passcode.

Encryption is enabled by default, so it won’t require sitting through a long encryption process, as it does on older versions of Android. As on iOS, it won’t help you much if you never set a passcode to unlock your device, as anyone could just boot your device right up.


It’s worth noting that both Windows Phone and Windows RT also offer a “device encryption” feature. It works similarly to the feature that made its way over to the desktop version of Windows with Windows 8.1.

Image Credit: Yuri Samoilov on Flickr

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Twitter.