BitLocker is a tool built into Windows that lets you encrypt an entire hard drive for enhanced security. Heres how to set it up.
When TrueCrypt controversially closed up shop, they recommended their users transition away from TrueCrypt to using BitLocker or Veracrypt. BitLocker has been around in Windows long enough to be considered mature, and is anencryption product generally well-regarded by security pros. In this article, were going to talk about how you can set it up on your PC.
RELATED: Should You Upgrade to the Professional Edition of Windows 10?
Note: BitLocker Drive Encryption and BitLocker To Go require a Professional or Enterprise edition of Windows 8 or 10, or the Ultimate version of Windows 7. However, starting with Windows 8.1, the Home and Pro editions of Windows include a Device Encryption feature(a feature also included in Windows 10) that works similarly. We recommend Device Encryption if your computer supports it, BitLocker for Pro users who cant use Device Encryption, and VeraCrypt for people using a Home version of Windows where Device Encryption wont work.
Many guides out there talk about creating a BitLocker container that works much like the kind of encrypted container you can create with products like TrueCrypt or Veracrypt. Its a bit of a misnomer, but you can achieve a similar effect. BitLocker works by encrypting entire drives. That could be your system drive, a different physical drive, or a virtual hard drive (VHD) that exists as a file and is mounted in Windows.
RELATED: How to Create an Encrypted Container File With BitLocker on Windows
The difference is largely semantic. In other encryption products, you usually create an encrypted container, and then mount it as a drive in Windows when you need to use it. With BitLocker, you create a virtual hard drive, and then encrypt it. If youd like to use a container rather than, say, encrypt your existing system or storage drive, check out our guide to creating an encrypted container file with BitLocker.
For this article, were going to concentrate on enabling BitLocker for an existing physical drive.
RELATED: How to Use BitLocker Without a Trusted Platform Module (TPM)
To use BitLocker for a drive, all you really have to do is enable it, choose an unlock methodpassword, PIN, and so onand then set a few other options. Before we get into that, however, you should know that using BitLockers full-disk encryption on a system drive generally requires a computer with a Trusted Platform Module (TPM) on your PCs motherboard. This chip generates and store the encryption keys that BitLocker uses. If your PC doesnt have a TPM, you can use Group Policy to enable using BitLocker without a TPM. Its a bit less secure, but still more secure than not using encryption at all.
You can encrypt a non-system drive or removable drive without TPM and without having to enable the Group Policy setting.
On that note, you should also know that there are two types of BitLocker drive encryption you can enable:
In Windows 7 through 10, you really dont have to worry about making the selection yourself. Windows handles things behind the scenes, and the interface youll use to enable BitLocker doesnt look any different. If you end up unlocking an encrypted drive on Windows XP or Vista, youll see the BitLocker to Go branding, so we figured you should at least know about it.
So, with that out of the way, lets go over how this actually works.
The easiest way to enable BitLocker for a drive is to right-click the drive in a File Explorer window, and then choose the Turn on BitLocker command. If you dont see this option on your context menu, then you likely dont have a Pro or Enterprise edition of Windows and youll need to seek another encryption solution.
Its just that simple. The wizard that pops up walks you through selecting several options, which weve broken down into the sections that follow.
The first screen youll see in the BitLocker Drive Encryption wizard lets you choose how to unlock your drive. You can select several different ways of unlocking the drive.
If youre encrypting your system drive on a computer thatdoesnt have a TPM, you can unlock the drive with a password or a USB drive that functions as a key. Select your unlock method and follow the instructions for that method (enter a password or plug in your USB drive).
RELATED: How to Enable a Pre-Boot BitLocker PIN on Windows
If your computer does have a TPM, youll see additional options for unlocking your system drive. For example, you can configure automatic unlocking at startup (where your computer grabs the encryption keys from the TPM and automatically decrypts the drive). You could alsouse a PIN instead of a password, or even choose biometric options like a fingerprint.
If youre encrypting a non-system drive or removable drive, youll see only two options (whether you have a TPM or not). You can unlock the drive with a password or a smart card (or both).
BitLocker provides you with a recovery key that you can use to access your encrypted files should you ever lose your main keyfor example, if you forget your password or if the PC with TPM dies and you have to access the drive from another system.
You can save the key to your Microsoft account, a USB drive, a file, or even print it. These options are the same whether youre encrypting a system or non-system drive.
If you back up the recovery key to your Microsoft account, you can access the key later at https://onedrive.live.com/recoverykey. If you use another recovery method, be sure to keep this key safeif someone gains access to it, they could decrypt your drive and bypass encryption.
You can also back up your recovery key multiple ways if you want. Just click each option you want to use in turn, and then follow the directions. When youre done saving your recovery keys, click Next to move on.
Note: If youre encrypting a USB or other removable drive, you wont have the option of saving your recovery key to a USB drive. You can use any of the other three options.
BitLocker automatically encrypts new files as you add them, but you must choose what happens with the files currently on your drive. You can encrypt the entire driveincluding the free spaceor just encrypt the used disk files to speed up the process. These options are also the same whetheryoure encrypting a system or non-system drive.
RELATED: How to Recover a Deleted File: The Ultimate Guide
If youre setting up BitLocker on a new PC, encrypt the used disk space onlyits much faster. If youre setting BitLocker up on a PC youve been using for a while, you should encrypt the entire drive to ensure no one can recover deleted files.
When youve made your selection, click the Next button.
If youre using Windows 10, youll see an additional screen letting you choose an encryption method. If youre using Windows 7 or 8, skip ahead to the next step.
Windows 10 introduced a new encryption method named XTS-AES. It provides enhanced integrity and performance over the AES used in Windows 7 and 8. If you know the drive youre encrypting is only going to be used on Windows 10 PCs, go ahead and choose the New encryption mode option. If you think you might need to use the drive with an older version of Windows at some point (especially important if its a removable drive), choose the Compatible mode option.
Whichever option you choose (and again, these are the same for system and non-system drives), go ahead and click the Next button when youre done, and on the next screen, click the Start Encrypting button.
The encryption process can take anywhere from seconds to minutes or even longer, depending on the size of the drive, the amount of data youre encrypting, and whether you chose to encrypt free space.
If youre encrypting your system drive, youll be prompted to run a BitLocker system check and restart your system. Make sure the option is selected, click the Continue button, and then restart your PC when asked.After the PC boots back up for the first time, Windows encrypts the drive.
If youre encrypting a non-system or removable drive, Windows does not need to restart and encryption begins immediately.
Whatever type of drive youre encrypting, you can check the BitLocker Drive Encryption icon in the system tray to see its progress, and you can continue using your computer while drives are being encryptedit will just perform more slowly.
If your system drive is encrypted, unlocking it depends on the method you chose (and whether your PC has a TPM). If you do have a TPM and elected to have the drive unlocked automatically, you wont notice anything differentyoull just boot straight into Windows like always. If you chose another unlock method, Windows prompts you to unlock the drive (by typing your password, connecting your USB drive, or whatever).
RELATED: How to Recover Your Files From a BitLocker-Encrypted Drive
And if youve lost (or forgotten) your unlock method, press Escape on the prompt screen to enter your recovery key.
If youve encrypted a non-system or removable drive, Windows prompts you to unlock the drive when you first access it after starting Windows (or when you connect it to your PC if its a removable drive). Type your password or insert your smart card, and the drive should unlock so you can use it.
In File Explorer, encrypted drives show a gold lock on the icon (on the left). That lock changes to gray and appears unlocked when you unlock the drive (on the right).
You can manage a locked drivechange the password, turn off BitLocker, back up your recovery key, or perform other actionsfrom the BitLocker control panel window. Right-click any encrypted drive, and then select Manage BitLocker to go directly to that page.
Like all encryption, BitLocker does add some overhead. Microsofts official BitLocker FAQ says that Generally it imposes a single-digit percentage performance overhead. If encryption is important to you because you have sensitive datafor example, a laptop full of business documentsthe enhanced security is well worth the performance trade-off.
- Apple Wanted the iPhone to Have End-to-End Encryption. Then the FBI Stepped In - Popular Mechanics - January 27th, 2020
- Amazon Engineer Leaked Private Encryption Keys. Outside Analysts Discovered Them in Minutes - Gizmodo - January 27th, 2020
- Deployed 82nd Airborne unit told to use these encrypted messaging apps on government cell phones - Military Times - January 27th, 2020
- The FBI doesn't need Apple to give it a backdoor to encryption, because it already has all the access it needs - Boing Boing - January 27th, 2020
- Whether Apple or Google: Is there a back door into your phones online backups? - USA TODAY - January 27th, 2020
- Encryption Software Market | Global Analysis Along With Trends, Growth, Key Players And Future Predictions Till 2026 - VOICE of Wisconsin Rapids - January 27th, 2020
- How encryption could stop the exposure of personal data in the cloud - NewsDio - January 27th, 2020
- Bitcoin transactions will not be private even with Schnorr encryption - AMBCrypto - January 27th, 2020
- SSL Encryption: Making The Web A Safer Place - TechShout! - January 27th, 2020
- Review: SecureDrive BT, the encrypted external SSD you can unlock with Face ID - 9to5Mac - January 19th, 2020
- EncryptOnClick is a freeware tool that can encrypt files and folders - Ghacks Technology News - January 19th, 2020
- Trump and Comey Are United Against Encrypted Communications - Reason - January 19th, 2020
- Police Scotland to roll out encryption bypass technology - Glasgow Live - January 19th, 2020
- Encryption battle reignited as US govt at loggerheads with Apple - Times Now - January 19th, 2020
- Hardware Encryption Market Set To Register A CAGR Growth Of XX% Over The Forecast Period 2017 2025 - Fusion Science Academy - January 19th, 2020
- Malware Obfuscation, Encoding and Encryption - Security Boulevard - January 14th, 2020
- Microsoft CEO says encryption backdoors are a terrible idea - The Verge - January 14th, 2020
- Debate over access to encryption isn't going away - Washington Examiner - January 14th, 2020
- Over two dozen encryption experts call on India to rethink changes to its intermediary liability rules - TechCrunch - January 14th, 2020
- Encryption Software Market Booming by Size, Trends and Top Growing Companies- IBM Corporation, Sophos, Ciphercloud, Pkware, Mcafee - BulletintheNews - January 14th, 2020
- Hardware-based Full Disk Encryption Market Analysis With Key Players, Applications, Trends And Forecasts To 2025 - Instanews247 - January 14th, 2020
- Mobile Encryption Market Insights and Technology 2020, Forecasts to 2026 - Broadcast Offer - January 14th, 2020
- Garda needs new technology for online child abuse investigations - The Irish Times - January 14th, 2020
- IoT Security Solution for Encryption Market Research, Recent Trends and Growth F - News by aeresearch - January 14th, 2020
- Apple made a rare appearance at tech's biggest conference and defended encryption on the iPhone - Business Insider - January 8th, 2020
- Encryption Software Market to cross USD 20 Bn by 2026: Global Market Insights, Inc. - Yahoo Finance - January 8th, 2020
- Data Encryption Software Market Size by Top Leading Key Players, Growth Opportunities, Incremental Revenue , Trends, Outlook and Forecasts to 2025 -... - January 8th, 2020
- WidePoint Partners with KoolSpan to Offer End-to-End Encryption for Phone Calls and Text Messages - GlobeNewswire - January 8th, 2020
- Encryption Software Market 2020 Size, Growth By Top Companies, Forecast Analysis To 2027 - Citi Blog News - January 8th, 2020
- How to cope with a FileVault recovery key disappearing while you write it down - Macworld - January 8th, 2020
- Doing these 10 things on WhatsApp may land you in jail - Gadgets Now - January 8th, 2020
- Holistic encryption is one of the keys to California Consumer Privacy Act risk management - Continuity Central - January 6th, 2020
- Encryption Software Market 2020 Size, Share Metrics, Growth Trends and Forecast to 2026 - Food & Beverage Herald - January 6th, 2020
- New Informative Report of IoT Security Solution for Encryption Top Key Players are Cisco Systems, Intel Corporation, IBM Corporation, Symantec... - January 6th, 2020
- Maastricht University gets almost all of its Windows systems encrypted by ransomware - 2-spyware.com - January 6th, 2020
- Homomorphic Encryption Market Analysis, Industry Size, Application Analysis, Regional Outlook, Competitive Strategies And Forecasts (2020 2027) -... - January 6th, 2020
- The Week in Ransomware - January 3rd 2020 - Busy Holiday Season - BleepingComputer - January 6th, 2020
- Keep Your Business Secure From Online Threats - BBN Times - January 6th, 2020
- State Department Adds ITAR Definitions in Interim Final Rule for Activities that Are Not Exports, Reexports, Retransfers or Temporary Imports -... - January 6th, 2020
- Global Hardware-based Full Disk Encryption (FDE) Market Executive Summary and Analysis by Top Players 2020-2027: Seagate Technology PLC, Western... - January 6th, 2020
- Clop Ransomware Now Kills Windows 10 Apps and 3rd Party Tools - BleepingComputer - January 6th, 2020
- Scientists in Scotland help develop worlds first encryption system that is unbreakable by hackers - The Independent - December 21st, 2019
- Apple Bows Down To Google As 2019 Most Trustworthy Recognition - International Business Times - December 21st, 2019
- Facebook , Apple being threatened by US senators over data encryption - Gizmo Posts 24 - December 21st, 2019
- How To Secure Microsoft Windows 10 In Eight Easy Steps - Forbes - December 21st, 2019
- Examine Mobile Encryption Market expected to obtain $2,917.9 million by 2022 - WhaTech - WhaTech - December 21st, 2019
- Facebook's end-to-end encryption will enhance user privacy but its not good news for law enforcement - Firstpost - December 21st, 2019
- Future of Encryption Software Market Reviewed in a New Research Study 2019-2025 - Daily News Reports 24 - December 21st, 2019
- Fortanix expert on how European companies are taking back control of their data in the cloud - Intelligent CIO ME - December 21st, 2019
- What's that? Encryption's OK now? UK politicos Brexit from Whatsapp to Signal - The Register - December 20th, 2019
- NYPD radio encryption most likely wont happen in 2020 but will soon - amNY - December 20th, 2019
- If You Think Encryption Back Doors Won't Be Abused, You May Be a Member of Congress - Reason - December 20th, 2019
- The decline of passwords, the rise of encryption and deepfakes cybersecurity predictions for 2020 - BetaNews - December 20th, 2019
- Facebook's Push for End-to-End Encryption Is Good News for User Privacy, as Well as Terrorists and Paedophiles - Nextgov - December 20th, 2019
- Internet of crap (encryption): IoT gear is generating easy-to-crack keys - The Register - December 20th, 2019
- What Is Snatch Ransomware and How to Remove It - Guiding Tech - December 20th, 2019
- Hardware-based Full Disk Encryption Market Executive Summary, Introduction, Sizing, Analysis and Forecast To 2025 - Market Research Sheets - December 20th, 2019
- NYPD Eyeing Encrypted Radios to Protect Criminal Investigations - Officer - December 20th, 2019
- Volunteer firefighters, EMTs worry they won't have NYPD radio access to help public - amNY - December 20th, 2019
- What We Learned About the Technology That Times Journalists Use - The New York Times - December 20th, 2019
- The Senate Judiciary Committee Wants Everyone to Know It's Concerned About Encryption - EFF - December 14th, 2019
- The Defense Department Says It Needs the Encryption the FBI Wants to Break - Free - December 14th, 2019
- Congress wants to regulate encryption for big tech - The Burn-In - December 14th, 2019
- Facebook says it won't break end-to-end encryption - TechRadar - December 14th, 2019
- Encryption spat sees backdoor back-and-forth between tech firms, Congress - TelecomTV - December 14th, 2019
- Michael Hayden Ran The NSA And CIA: Now Warns That Encryption Backdoors Will Harm American Security & Tech Leadership - Techdirt - December 14th, 2019
- Large, diverse coalition of civil society groups tell the US, UK and Australian governments not to ban working encryption - Boing Boing - December 14th, 2019
- U.S. Attorney Justin Herdman of Ohio says agents need access encrypted devices, apps for the sake of public s - cleveland.com - December 14th, 2019
- Google makes it safer to text on Android phones, but end-to-end encryption is still MIA - PCWorld - December 14th, 2019
- Priti Patel bids to create end-to-end encryption apps' back door - The National - December 14th, 2019
- Encryption can't put tech giants beyond the reach of the law, Minister says - The Age - December 14th, 2019
- Chrome 79 includes anti-phishing and hacked password protection - Naked Security - December 14th, 2019
- Hardware Encryption Technology Market : Analysis and In-depth study on market Size Trends, Emerging Growth Factors and Forecasts to 2027 - Downey... - December 14th, 2019
- Encryption back on the congressional agenda - Politico - December 9th, 2019
- Police radios blocked from the public in southeast Denver metro area - The Denver Post - December 9th, 2019
- Encryption Software Market Innovations, And Top Companies - Forecast To 2029| Microsoft, Sophos Ltd., Check Point Software Technologies Ltd. -... - December 9th, 2019
- Did You Hear That? Securing Communications in 2019 | Insight for the Connected Enterprise - No Jitter - December 9th, 2019
- 'Government broke their promise': Labor seeks to amend encryption legislation - Sydney Morning Herald - December 9th, 2019
- Global Hardware-based Full Disk Encryption Market 2019 Innovation and Technological Developments, Industry Analysis & Outlook 2023 - Weekly News... - December 9th, 2019
- Privacy vs public safety - the pros and cons of encryption - World Economic Forum - December 8th, 2019