How To Set Up BitLocker Encryption On Windows

You might be a little disappointed to know that the password you set on your Windows OS is not very safe. It can be cracked very easily by anyone who is good with computers. But there is still a way to protect your data. Windows allows you to encrypt your whole hard disk or individual drives, and even removable storage such as a pen drive or an external hard disk. All this can be done with the help of software called BitLocker.

It comes pre-installed in several editions of Windows. The Professional and Enterprise editions of Windows 8, 8.1 and Windows 10 and the Ultimate edition of Windows 7 have BitLocker pre-installed. The core version of Windows 8.1 has a device encryption feature that works similarly to BitLocker. With the help of this app, you can encrypt all or some of your data and keep it safe from theft. Your drives will be password protected and out of any hacker's reach. So, let's see how you can set up BitLocker on Windows.


Set Up BitLocker Encryption On Windows

To use BitLocker, you will have to enable it for the drive you want to encrypt. The simplest way is to open File Explorer by pressing Windows + E, right-click the drive and select Turn on BitLocker.


Otherwise, you can open Control Panel and go to System and Security. There you will see the BitLocker Drive Encryption option. If you see neither of these options, then you do not have the right edition of the Windows operating system.


If you have these options, you will get two types to choose from: BitLocker Drive Encryption and BitLocker To Go.

  • The first option is for full disk encryption. All the data in any or all of your drives will be encrypted. In order to see the data, you will need a password. This password can be stored on your computer or on a removable drive. If you store it on your computer, the data will be visible on your system. If you store it on a removable drive, the data will be visible on a computer that has the drive attached to it. When the OS drive is encrypted this way, your computer will ask for the password on booting. It will decrypt the data and then load Windows.
  • The BitLocker To Go option is for encrypting removable drives like USB flash drives or external hard disks. On connecting the encrypted drive to your computer, you will be asked for the password you chose during encryption. Without the password, no one will be able to access the data on the drive.


BitLocker And TPM

BitLocker uses TPM (Trusted Platform Module) to secure encryption passwords. It is a microchip that comes pre-installed on the motherboard. Using TPM is more secure than storing passwords on the hard drive. This way, no one will be able to see your data by stealing your hard drive or copying it.

If your system does not have a TPM, you will be asked to set the “use BitLocker without compatible TPM” option. You will need administrator privileges for this. To set this option, press Windows key + R to open the Run dialog box. Type “gpedit.msc” in it and hit Enter.

Select Computer Configuration and then Administrative Templates. In the next step, select Windows Components and select BitLocker Drive Encryption.

Inside BitLocker Drive Encryption, select Operating System Drives. Here, double-click the “Require additional authentication at startup” setting.

Select Enabled and check the “Allow BitLocker without a compatible TPM” option. Click OK to save the new setting.
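
To confirm the result of the steps above, the following read-only PowerShell check (an added example, not part of the original article) reports the TPM state and whether the policy is in effect. It assumes an elevated prompt and that Group Policy stores this setting under HKLM:\SOFTWARE\Policies\Microsoft\FVE as the UseAdvancedStartup and EnableBDEWithNoTPM values.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article). Read-only: it changes nothing.

# TPM state as Windows sees it.
$tpm = Get-Tpm

# "Require additional authentication at startup" is written to this key by
# Group Policy (assumption stated in the lead-in). The key is absent when the
# setting was never configured, so a missing key is not an error.
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' `
                        -ErrorAction SilentlyContinue

$settingEnabled = ($null -ne $fve) -and ($fve.UseAdvancedStartup -eq 1)
$noTpmAllowed   = $settingEnabled -and ($fve.EnableBDEWithNoTPM -eq 1)

[pscustomobject]@{
    TpmPresent                  = $tpm.TpmPresent
    TpmReady                    = $tpm.TpmReady
    AdditionalAuthPolicyEnabled = $settingEnabled
    AllowBitLockerWithoutTpm    = $noTpmAllowed
} | Format-List

if ($tpm.TpmPresent -and $tpm.TpmReady) {
    'TPM is ready: the OS drive can be unlocked through the TPM.'
} elseif ($noTpmAllowed) {
    'No usable TPM, but the policy allows a password or USB startup key.'
} else {
    'No usable TPM and the policy is not set: follow the gpedit.msc steps first.'
}

# Current state of every volume, with the unlock methods already configured.
Get-BitLockerVolume |
    Select-Object MountPoint, VolumeType, VolumeStatus, ProtectionStatus,
        @{ Name = 'Protectors'
           Expression = { $_.KeyProtector.KeyProtectorType -join ', ' } } |
    Format-Table -AutoSize
```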

BitLocker Unlock Method

Your system will need to decrypt the drive data when it boots in order to access the OS files. If your computer does not have a TPM, you can either provide the password or use a flash drive for it. If a TPM is available, the password can also be stored on it and the system will automatically retrieve the password when it boots. You can select your preferred unlock method in BitLocker.

Recovery Key

Besides having a main password, BitLocker will also give you a recovery key. If you ever forget the password, your TPM gets damaged or you lose the password flash drive, you can use the recovery key to access the data. Thus, you should keep it safe. The best option for Windows 8 or 8.1 users is to store it in the Microsoft account.

It can then be retrieved from OneDrive. Others can save the recovery key on some other device, in an email account or wherever they find best. If you have lost your main password, press the Escape key when your computer boots and you are asked for the key. This will allow you to use the recovery key. If you lose both the main password and the recovery key, your encrypted data is gone forever.

Used Or Full Drive

You can choose to encrypt either the entire drive or just the used part. The computer will automatically encrypt the new files you save to the drive, but you can select what happens to the existing ones. Encrypting the entire drive takes a very long time, while encrypting only the used part is faster. You should go for the entire drive if you have been using this computer for a while now. There must be many deleted files on your drive that are not indexed by the OS. Those files will also be encrypted and kept out of anyone's reach. If your computer is new and there are no or just a few deleted files, you can go for just the used part.

BitLocker To Go

The process of encrypting a removable drive is quite similar. You will be asked for the encryption password when you plug the drive into your computer or any other computer. You can also select a smart card as the unlock method while encrypting the drive. Then you will be asked to provide the smart card on connecting the drive to a computer. File Explorer in Windows will show a lock symbol on the icon of an encrypted drive.
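
The choices described under BitLocker Unlock Method, Recovery Key, Used Or Full Drive and BitLocker To Go can also be made from an elevated PowerShell prompt. The script below is an added example, not part of the original article; the drive letter E: and the parameter names MountPoint and FullDrive are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article).
param(
    [string]$MountPoint = 'E:',  # assumed drive letter; set to the drive to encrypt
    [switch]$FullDrive           # omit to encrypt only the used part of the drive
)

$vol = Get-BitLockerVolume -MountPoint $MountPoint
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    Write-Warning "${MountPoint} is already $($vol.VolumeStatus); nothing to do."
    return
}

# Used part only unless -FullDrive is given (see "Used Or Full Drive").
$common = @{ MountPoint = $MountPoint; UsedSpaceOnly = (-not $FullDrive) }

# Unlock method: TPM for the OS drive when a TPM is ready, otherwise a password.
# A password on the OS drive only works once the
# "Allow BitLocker without a compatible TPM" policy is enabled.
if ($vol.VolumeType -eq 'OperatingSystem' -and (Get-Tpm).TpmReady) {
    Enable-BitLocker @common -TpmProtector | Out-Null
} else {
    $password = Read-Host -AsSecureString "Password for ${MountPoint}"
    Enable-BitLocker @common -PasswordProtector -Password $password | Out-Null
}

# Recovery key: a second protector that unlocks the drive if the main
# unlock method is lost.
Add-BitLockerKeyProtector -MountPoint $MountPoint `
                          -RecoveryPasswordProtector | Out-Null

# Show the recovery key once so it can be written down or saved elsewhere.
(Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    Select-Object KeyProtectorId, RecoveryPassword |
    Format-List

# Encryption progress and the protectors now in place.
Get-BitLockerVolume -MountPoint $MountPoint |
    Select-Object MountPoint, VolumeStatus, EncryptionPercentage,
        @{ Name = 'Protectors'
           Expression = { $_.KeyProtector.KeyProtectorType -join ', ' } } |
    Format-List
```

Store the displayed recovery key somewhere other than the drive being encrypted; on an OS drive, encryption may not start until after the next restart.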