
Security Precautions Step-by-Step

Disabling Paging Files

Disable paging files for your VeraCrypt volume (to avoid having unencrypted parts of your files stored by Windows outside of RAM when the memory does not have enough space). You will need to have already created a volume to do this. This step also needs to be repeated every time you create a new volume.

  1. Mount your VeraCrypt volume on an unoccupied drive.

  1. Navigate to the My Computer/My PC icon, right-click it and select Properties from the drop-down menu.

  1. This will open up the About section of the Settings Menu. Select Advanced system settings. Windows will ask you for permission to change system settings. Select Yes.


  1. The System Properties window will open on the Advanced tab, as shown in the picture. Under Performance, click the Settings button.

  1. Navigate to the Advanced tab once again and under Virtual memory click on the Change button.

  1. In the Virtual Memory window, first deselect Automatically manage paging file size for all drives, then select the drive you mounted the VeraCrypt volume on, select No paging file and click the Set button.


Disabling Memory Dump File Generation

Memory dump files are files Windows creates to recover information after an error occurs. Since these files are unencrypted, VeraCrypt information (such as the master key or part of the file stored in the volume) might be recorded in them and stored. To avoid this happening, disable memory dump file generation at least for the session when you use VeraCrypt volumes (even if you just mount them).

  1. Navigate to the About section of the Settings Menu again and select Advanced system settings.
  2. In the Advanced tab, which opens automatically from the previous step, click the Settings button in the Startup and Recovery section.

  3. In the resulting window, select (none) under the Write debugging information section. Then click OK.
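
A read-only check of the settings changed in the Disabling Paging Files and Disabling Memory Dump File Generation steps, added here as an example and not part of the original guide. The drive letter V: is an assumed placeholder for the letter your VeraCrypt volume is mounted on; the function names are illustrative.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Assumption: 'V:' stands for the drive letter your VeraCrypt volume is mounted on.
param([string]$VolumeDrive = 'V:')

function Test-PagingFileOnDrive {
    param([string]$Drive)
    $auto = (Get-CimInstance -ClassName Win32_ComputerSystem).AutomaticManagedPagefile
    # Paging files configured by hand (what the Virtual Memory window edits).
    $configured = @(Get-CimInstance -ClassName Win32_PageFileSetting |
        Where-Object { $_.Name -like "$Drive\*" })
    # Paging files Windows has open right now.
    $active = @(Get-CimInstance -ClassName Win32_PageFileUsage |
        Where-Object { $_.Name -like "$Drive\*" })
    [pscustomobject]@{
        Check   = "No paging file on $Drive"
        Setting = "automatic=$auto; configured=$($configured.Count); active=$($active.Count)"
        Pass    = (-not $auto) -and ($configured.Count -eq 0) -and ($active.Count -eq 0)
    }
}

function Test-MemoryDumpDisabled {
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    # Meaning of the CrashDumpEnabled registry value.
    $names = @{ 0 = '(none)'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small'; 7 = 'Automatic' }
    $value = [int](Get-ItemProperty -Path $key -Name CrashDumpEnabled).CrashDumpEnabled
    $label = if ($names.ContainsKey($value)) { $names[$value] } else { 'unknown' }
    [pscustomobject]@{
        Check   = 'Write debugging information is (none)'
        Setting = "CrashDumpEnabled=$value ($label)"
        Pass    = ($value -eq 0)
    }
}

$results = @(Test-PagingFileOnDrive -Drive $VolumeDrive) + @(Test-MemoryDumpDisabled)
$results | Format-Table -AutoSize -Wrap
if ($results.Pass -contains $false) { Write-Warning 'At least one precaution is not in place.' }
```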

Disabling Hibernation Files

Hibernation files are files that Windows creates when entering power saving mode. These files contain information that Windows uses to restore all processes once it exits power saving mode. This means that information stored on a VeraCrypt volume you were working with, the master key of the mounted volume and/or other information contained in your VeraCrypt volume might be written on disk unencrypted by Windows. To avoid this occurrence, follow these steps. Warning: Keep in mind that the best way to avoid this is to manually dismount all VeraCrypt volumes when done and shut down the computer for a few minutes (the longer, the better) before turning it on again.

  1. Open VeraCrypt and select the Settings Menu.

  1. Select the Preferences Menu.

  1. Tick the Entering power saving mode choice (red box), then confirm your selection by clicking OK.

Ensuring Proper Synchronization

To give away as little information as possible to an unauthorized user, VeraCrypt preserves the date of creation of the files contained in a volume. This means that if you modify a file in the volume, VeraCrypt will not change the date the file was modified. This is not a problem, unless you want to synchronize your VeraCrypt folder (once encrypted and dismounted) with a cloud service. The cloud service will check the modification date of the data contained in the volume and the volume itself, and will see no changes were made, even if you did modify the files.

To prevent this from happening, there are two easy steps you can follow:

  1. Click on "Settings", as shown in the figure, then select "Preferences...".

  1. A new window will appear. Deselect the option in the red box, then click "OK". VeraCrypt will now update the date the file was modified, instead of preserving the original date.

IMPORTANT: Please make sure to regularly check whether your synchronized files are indeed what you have been working on. Please do this even if you have followed this guide on how to disable this option.

Further Precautions and Best Practices to follow

  1. Unless you have encrypted your entire system (which carries its own risks and should not be done on your own), VeraCrypt cannot avoid writing unencrypted information to RAM. This will always carry a risk of data leaks if the user doesn’t employ some precautions. The main one is that you DO NOT want to shut down your computer or leave it to hibernate with a VeraCrypt volume still mounted. Make sure that you ALWAYS dismount ALL your VeraCrypt volumes whenever you are done. This allows VeraCrypt to erase information on your Master Keys from RAM. ALSO, make sure that you shut down your computer right after, and LEAVE IT TURNED OFF for a few minutes. This will ensure that no information on your VeraCrypt volume files is retained when turning your machine back on.
  2. VeraCrypt can only secure your volumes/system if you are the only person able to physically access your machine. In case someone else has access to your machine, malware or other malicious software capable of recording your passwords might have been installed on it. This also holds true if you have been given a machine by somebody other than the RUG. Should your computer/drive be easily accessible to other people, then we kindly ask you to contact the DCC (dcc@rug.nl) to discuss strategies on how to ensure that your data remains protected.
    1. Examples of an easily accessible machine are:
      1. You work on a shared workstation that is not specifically yours. Other people will sign into that machine after you leave.
      2. Your computer is provided by an organization you collaborate with and is not your own.
      3. You work in an office with multiple people and cannot lock your machine when you leave the office.
      4. Your machine is constantly connected to an internet connection that is not secure/that might be intercepted by people you don’t want to share your data with.
  3. If your machine is not easily accessible, but you suspect that at some point someone gained access to it and could have compromised it, then VeraCrypt could be entirely unable to secure your data. In that case, please make sure NOT TO MOUNT AND WORK with a VeraCrypt volume until you have contacted the DCC (dcc@rug.nl).
  4. The same goes if you suspect that your machine might have been infected by malware. Keep in mind that making sure your machine is up-to-date is a good way to reduce the chance of malware infection.
  5. When choosing a password, make sure that you choose a strong one. VeraCrypt details what a strong password is, both when prompting you to choose it and in its manual. In short, choose a sequence of words rather than a single word, and use both upper and lower case and special characters. Your password should be at least 20 characters long. (Example: Song lyrics are a good inspiration if you don’t know where to start).
  6. Changing the password and keyfile(s) does not change the master key of the encryption. The master key is an element of your volume’s header that ensures the correct interpretation of the encrypted data in combination with your password and keyfiles. Should you suspect that someone gained access to your password(s) or keyfile(s), changing the password will not protect your data if they gained access to the master key. In short, having access to the master key is already enough to ensure decryption by brute force methods. In such a case we ask you to disconnect your machine or your VeraCrypt volume(s) from any point of access (internet access, USB drives, or other) and to please contact the DCC (dcc@rug.nl) immediately.
  7. Should you be working on a machine where you DO NOT have administrator privileges, we advise you to not use VeraCrypt on it. Find a machine where you are administrator and use that machine. This is because the administrator of a machine you are using might be able to see what you used or what you did with VeraCrypt. They might not have access to your data, but can potentially log your activity.
  8. If you are using keyfiles, you can store them as a single copy on a separate device (e.g. a USB stick) for an added layer of security. Please keep in mind that if you lose the USB stick, you lose access to your data. We therefore advise you to have a second back-up USB stick containing the keyfiles for such emergencies. Also, if you have lost the USB stick, your keyfiles need to be changed. Please contact the DCC for this.

Should you have any other questions regarding possible risks of data loss or weaknesses in VeraCrypt security, please contact the DCC (dcc@rug.nl). We will be glad to address your concerns.
