Full disk encryption

Hi all,

As I'm using my laptop out and about more, and I've just ordered a new 480GB SSD for it to do a clean install, I was thinking about full disk encryption from boot up.

Free/cheap is better.

What are the options?

Windows 10
 
Option 1: don't bother encrypting unless it's got sensitive or illegal stuff on... Option 2: VeraCrypt maybe? I've used it on a few systems.
 
Use BitLocker.

If your laptop has a TPM module, make sure you change the option which allows you to set a password on boot though.

And don't back up the recovery key to your Microsoft account for a little extra protection.
 
Option 1: don't bother encrypting unless it's got sensitive or illegal stuff on... Option 2: VeraCrypt maybe? I've used it on a few systems.

NOT This.

Encryption is a one-time set up, fairly easy and runs at the cost of five seconds to enter an extra password (depending). You're bound to end up saving something on there you don't want strangers to read and frankly, it's an added peace of mind when your computer gets stolen to know they aren't reading your emails or whatever.

There are several ways of doing encryption. Some approaches are whole-disk encryption, others just encrypt specific folders or partitions. Some technologies, such as BitLocker and VeraCrypt, can do either. VeraCrypt is a replacement for the old TrueCrypt software and is good and fairly simple to use. BitLocker is integrated with Windows 10 and pretty seamless and is my preferred approach on Windows. N.b. some of its features are only available on Windows Professional unless that's changed, so if you have Home edition you may be out of luck. You'll have to check.

Basically, hit your Windows key and type "Manage BitLocker". It's almost self-explanatory from there. But a few things you need to know.
1/ BitLocker is designed to work with something called TPM (Trusted Platform Module). This used to be an actual hardware module sitting on the motherboard but these days some CPUs have it built in. You can also get "firmware TPM". None of these are quite as good as a proper module but so long as there's something there that BitLocker accepts as TPM you should be good to go. If your laptop was certified for Windows 10 (and if it came with Windows 10 on it) then it will have this because Microsoft made it a requirement on manufacturers for certification.
2/ BitLocker creates a password and key for the encrypted drive. You will want to back this up somewhere. If you are signing in with a Microsoft account, you can actually back your keys up to Microsoft and I think it will actually prompt you for this. If you're trying to secure your laptop against thieves there's no reason not to do this - it's extremely convenient and helpful in the case you have a problem. If you're trying to secure your laptop against the FBI you will want to back up your keys to a USB drive, disc or printout.
3/ There's a performance hit with an encrypted drive. If you have a remotely modern CPU it almost certainly has built-in hardware support for encryption (you'll be looking for "AES extensions" as the key words). In this case, the performance hit is pretty much unnoticeable and encryption is certainly worth the cost. If you have an old processor that doesn't support it, I would not because the hit suddenly becomes quite noticeable. (Like 10%+ noticeable).

N.b. some drives come with their own encryption, like Samsung's EVO 970 Pro. Nothing wrong with using this either. But you may find BitLocker slightly more convenient.

Hope this helps!

EDIT: You can use BitLocker without TPM. It's not on by default in that case but can be enabled. In that scenario it just uses a straight password to encrypt the drive but that's still enough to deter non-Cryptography Experts. It won't keep out Bruce Schneier, though.
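
A posture check for the points in the post above (TPM present, drive encrypted, boot-time PIN, recovery key), as an added example that is not part of any post in this thread. `Get-DiskEncryptionPosture` is a hypothetical helper name; it assumes the built-in `Get-Tpm` and `Get-BitLockerVolume` cmdlets in an elevated PowerShell session on Windows 10.

```powershell
#Requires -RunAsAdministrator
# Added example: audits the OS drive against the points raised in the post above.
# Get-DiskEncryptionPosture is a hypothetical helper name, not a built-in cmdlet.
function Get-DiskEncryptionPosture {
    param([string]$MountPoint = $env:SystemDrive)

    $findings = [System.Collections.Generic.List[string]]::new()

    # Point 1: is there a TPM that Windows reports as present and ready?
    $tpm = Get-Tpm
    $tpmOk = $tpm.TpmPresent -and $tpm.TpmReady
    if (-not $tpmOk) {
        $findings.Add('No ready TPM: BitLocker would need the password-only mode from the EDIT.')
    }

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings.Add("Volume status is $($vol.VolumeStatus), not FullyEncrypted.")
    }
    if ($vol.ProtectionStatus -ne 'On') {
        $findings.Add('Protection is off or suspended.')
    }

    # Key protectors decide what is needed to unlock the drive at boot.
    # The [string] cast keeps this safe if a volume has no protectors at all.
    $types = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })

    # TPM-only unlocks with no user input; the thread recommends a boot password (PIN).
    $hasPin = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')
    if (($types -contains 'Tpm') -and -not $hasPin) {
        $findings.Add('TPM-only protector: no PIN is asked for before Windows starts.')
    }

    # Point 2: a recovery password must exist before it can be backed up anywhere.
    if ($types -notcontains 'RecoveryPassword') {
        $findings.Add('No recovery password protector to back up (USB, printout or account).')
    }

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        TpmReady         = $tpmOk
        EncryptionMethod = $vol.EncryptionMethod
        KeyProtectors    = $types
        Findings         = $findings
    }
}

Get-DiskEncryptionPosture | Format-List
```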
 
Use BitLocker.

If your laptop has a TPM module, make sure you change the option which allows you to set a password on boot though.

And don't back up the recovery key to your Microsoft account for a little extra protection.

Good advice, but is "don't" a typo?
 
If you are paranoid, VeraCrypt has nice features like having two passwords: one unlocks the real OS, the other a second OS. So when compelled by the bad man to give up the password you can (only you give them the second password).
 
If you are paranoid, VeraCrypt has nice features like having two passwords: one unlocks the real OS, the other a second OS. So when compelled by the bad man to give up the password you can (only you give them the second password).

That is indeed a very good feature and a true innovation. I like that a lot. My advice is tailored to the OP's given scenario of theft. But to people trying to bring down governments, VeraCrypt is the way to go, imo.
 