BitLocker is a tool built into Windows that lets you encrypt an entire hard drive for enhanced security. Here's how to set it up.
When TrueCrypt controversially closed up shop, they recommended their users transition away from TrueCrypt to using BitLocker or VeraCrypt. BitLocker has been around in Windows long enough to be considered mature, and is an encryption product generally well-regarded by security pros. In this article, we're going to talk about how you can set it up on your PC.
Note: BitLocker Drive Encryption and BitLocker To Go require a Professional or Enterprise edition of Windows 8 or 10, or the Ultimate version of Windows 7. However, starting with Windows 8.1, the Home and Pro editions of Windows include a "Device Encryption" feature (a feature also included in Windows 10) that works similarly. We recommend Device Encryption if your computer supports it, BitLocker for Pro users who can't use Device Encryption, and VeraCrypt for people using a Home version of Windows where Device Encryption won't work.
Many guides out there talk about creating a BitLocker container that works much like the kind of encrypted container you can create with products like TrueCrypt or VeraCrypt. It's a bit of a misnomer, but you can achieve a similar effect. BitLocker works by encrypting entire drives. That could be your system drive, a different physical drive, or a virtual hard drive (VHD) that exists as a file and is mounted in Windows.
The difference is largely semantic. In other encryption products, you usually create an encrypted container, and then mount it as a drive in Windows when you need to use it. With BitLocker, you create a virtual hard drive, and then encrypt it. If you'd like to use a container rather than, say, encrypt your existing system or storage drive, check out our guide to creating an encrypted container file with BitLocker.
For this article, we're going to concentrate on enabling BitLocker for an existing physical drive.
To use BitLocker for a drive, all you really have to do is enable it, choose an unlock method (password, PIN, and so on), and then set a few other options. Before we get into that, however, you should know that using BitLocker's full-disk encryption on a system drive generally requires a computer with a Trusted Platform Module (TPM) on your PC's motherboard. This chip generates and stores the encryption keys that BitLocker uses. If your PC doesn't have a TPM, you can use Group Policy to enable using BitLocker without a TPM. It's a bit less secure, but still more secure than not using encryption at all.
You can encrypt a non-system drive or removable drive without a TPM and without having to enable the Group Policy setting.
On that note, you should also know that there are two types of BitLocker drive encryption you can enable:
In Windows 7 through 10, you really don't have to worry about making the selection yourself. Windows handles things behind the scenes, and the interface you'll use to enable BitLocker doesn't look any different. If you end up unlocking an encrypted drive on Windows XP or Vista, you'll see the BitLocker to Go branding, so we figured you should at least know about it.
So, with that out of the way, let's go over how this actually works.
The easiest way to enable BitLocker for a drive is to right-click the drive in a File Explorer window, and then choose the "Turn on BitLocker" command. If you don't see this option on your context menu, then you likely don't have a Pro or Enterprise edition of Windows and you'll need to seek another encryption solution.
It's just that simple. The wizard that pops up walks you through selecting several options, which we've broken down into the sections that follow.
The first screen you'll see in the "BitLocker Drive Encryption" wizard lets you choose how to unlock your drive. You can select several different ways of unlocking the drive.
If you're encrypting your system drive on a computer that doesn't have a TPM, you can unlock the drive with a password or a USB drive that functions as a key. Select your unlock method and follow the instructions for that method (enter a password or plug in your USB drive).
If your computer does have a TPM, you'll see additional options for unlocking your system drive. For example, you can configure automatic unlocking at startup (where your computer grabs the encryption keys from the TPM and automatically decrypts the drive). You could also use a PIN instead of a password, or even choose biometric options like a fingerprint.
If you're encrypting a non-system drive or removable drive, you'll see only two options (whether you have a TPM or not). You can unlock the drive with a password or a smart card (or both).
BitLocker provides you with a recovery key that you can use to access your encrypted files should you ever lose your main key (for example, if you forget your password or if the PC with TPM dies and you have to access the drive from another system).
You can save the key to your Microsoft account, a USB drive, a file, or even print it. These options are the same whether you're encrypting a system or non-system drive.
If you back up the recovery key to your Microsoft account, you can access the key later at https://onedrive.live.com/recoverykey. If you use another recovery method, be sure to keep this key safe: if someone gains access to it, they could decrypt your drive and bypass encryption.
You can also back up your recovery key multiple ways if you want. Just click each option you want to use in turn, and then follow the directions. When you're done saving your recovery keys, click "Next" to move on.
Note: If you're encrypting a USB or other removable drive, you won't have the option of saving your recovery key to a USB drive. You can use any of the other three options.
BitLocker automatically encrypts new files as you add them, but you must choose what happens with the files currently on your drive. You can encrypt the entire drive, including the free space, or just encrypt the used disk files to speed up the process. These options are also the same whether you're encrypting a system or non-system drive.
If you're setting up BitLocker on a new PC, encrypt the used disk space only; it's much faster. If you're setting BitLocker up on a PC you've been using for a while, you should encrypt the entire drive to ensure no one can recover deleted files.
When you've made your selection, click the "Next" button.
If you're using Windows 10, you'll see an additional screen letting you choose an encryption method. If you're using Windows 7 or 8, skip ahead to the next step.
Windows 10 introduced a new encryption method named XTS-AES. It provides enhanced integrity and performance over the AES used in Windows 7 and 8. If you know the drive you're encrypting is only going to be used on Windows 10 PCs, go ahead and choose the "New encryption mode" option. If you think you might need to use the drive with an older version of Windows at some point (especially important if it's a removable drive), choose the "Compatible mode" option.
Whichever option you choose (and again, these are the same for system and non-system drives), go ahead and click the "Next" button when you're done, and on the next screen, click the "Start Encrypting" button.
The encryption process can take anywhere from seconds to minutes or even longer, depending on the size of the drive, the amount of data you're encrypting, and whether you chose to encrypt free space.
If you're encrypting your system drive, you'll be prompted to run a BitLocker system check and restart your system. Make sure the option is selected, click the "Continue" button, and then restart your PC when asked. After the PC boots back up for the first time, Windows encrypts the drive.
If you're encrypting a non-system or removable drive, Windows does not need to restart and encryption begins immediately.
Whatever type of drive you're encrypting, you can check the BitLocker Drive Encryption icon in the system tray to see its progress, and you can continue using your computer while drives are being encrypted; it will just perform more slowly.
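The choices made in the wizard (encryption mode, recovery key, progress) can also be read back from an elevated PowerShell prompt instead of the tray icon. The following is an added example, not part of the original article; it relies on the built-in Get-BitLockerVolume cmdlet, while the function name Get-BitLockerAudit and the wording of its findings are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit of BitLocker volumes. Changes nothing on disk.

function Get-BitLockerAudit {
    [CmdletBinding()]
    param(
        # Volumes to inspect (for example 'C:'); default is every volume.
        [string[]]$MountPoint
    )

    $volumes = if ($MountPoint) {
        Get-BitLockerVolume -MountPoint $MountPoint
    } else {
        Get-BitLockerVolume
    }

    foreach ($v in $volumes) {
        $status   = "$($v.VolumeStatus)"
        $method   = "$($v.EncryptionMethod)"
        $types    = @($v.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $findings = @()

        if ($status -eq 'FullyDecrypted') {
            $findings += 'BitLocker is not enabled on this volume'
        } else {
            if ($status -ne 'FullyEncrypted') {
                $findings += "Encryption not finished: $status at $($v.EncryptionPercentage)%"
            }
            if ("$($v.ProtectionStatus)" -ne 'On') {
                $findings += 'Protection is off or suspended'
            }
            if ($types -notcontains 'RecoveryPassword') {
                $findings += 'No recovery password protector: back up a recovery key'
            }
            if ($method -notlike 'XtsAes*') {
                $findings += "Not XTS-AES ($method): expected only for Compatible mode drives"
            }
        }

        [pscustomobject]@{
            MountPoint = $v.MountPoint
            VolumeType = "$($v.VolumeType)"
            Status     = $status
            Method     = $method
            Protectors = $types -join ', '
            Findings   = if ($findings) { $findings -join '; ' } else { 'OK' }
        }
    }
}

Get-BitLockerAudit | Format-List
```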
If your system drive is encrypted, unlocking it depends on the method you chose (and whether your PC has a TPM). If you do have a TPM and elected to have the drive unlocked automatically, you won't notice anything different; you'll just boot straight into Windows like always. If you chose another unlock method, Windows prompts you to unlock the drive (by typing your password, connecting your USB drive, or whatever).
And if you've lost (or forgotten) your unlock method, press Escape on the prompt screen to enter your recovery key.
If you've encrypted a non-system or removable drive, Windows prompts you to unlock the drive when you first access it after starting Windows (or when you connect it to your PC if it's a removable drive). Type your password or insert your smart card, and the drive should unlock so you can use it.
In File Explorer, encrypted drives show a gold lock on the icon (on the left). That lock changes to gray and appears unlocked when you unlock the drive (on the right).
You can manage a locked drive (change the password, turn off BitLocker, back up your recovery key, or perform other actions) from the BitLocker control panel window. Right-click any encrypted drive, and then select "Manage BitLocker" to go directly to that page.
Like all encryption, BitLocker does add some overhead. Microsoft's official BitLocker FAQ says that "Generally it imposes a single-digit percentage performance overhead." If encryption is important to you because you have sensitive data (for example, a laptop full of business documents), the enhanced security is well worth the performance trade-off.