When you are storing confidential data on your computer, then it is important that you take precautionary steps to protect your data from prying eyes. It doesn’t mean that you have to protect your data from government authorities, it just protecting your data from evil-minded people. There are plenty of different methods present to protect your data, but protecting data using encryption is trending. Plus, Windows 10 has introduced an amazing feature called BitLocker Drive Encryption that allows the user to encrypt data present on your PC’s hard drive and on removable drives easily. If you haven’t used this feature before, then in this guide we will show you how to encrypt your drive with BitLocker in Windows 10.
Encryption is a method of making readable information unrecognizable to unauthorized users.
What is BitLocker in Windows 10
Similar to previous versions, pro and enterprise edition of Windows 10 includes the BitLocker Drive Encryption feature that allows you to use encryption on your PC’s hard drive and on removable drives to prevent prying eyes from snooping into your sensitive data. BitLocker uses an AES encryption algorithm with a 128-bit key or 256-bit key to encrypt disk volumes.
Important Things To Remember
Before learning the steps to encrypt data using BitLocker, you need to remember a few things –
- This feature is only available for Windows 10 Pro or Enterprise.
- To get high-quality results to link yours with Trusted Platform Module (TPM) chip. This is a special microchip that enables your device to support advanced security features.
- It can be used without a TPM chip, but it might need extra authentication steps.
- Your computer’s BIOS must support TPM or USB devices.
- Two partitions must be present on your computer containing the necessary files to start Windows and the partition with the operating system.
- The process of encrypting your entire hard drive can be very time-consuming depending on the size of your hard drive.
- Connect your computer with the uninterrupted power supply before starting the process.
BitLocker Drive Encryption feature encrypts an entire drive, And the boot loader will prompt you for your unlock method while starting Windows PC.
BitLocker To Go encrypts external drives such as USB flash drives and external hard drives
Is BitLocker hardware- or software encryption?
The simple answer is BitLocker supports both hardware and software encryption methods. If it can use a hardware TPM and you choose to encrypt the entire drive then it should use hardware encryption.
If you opt to just encrypt a volume on a disk (i.e. one of several partitions) then it will use software encryption. You can also choose to use software encryption if your computer doesn’t meet BitLocker’s requirements.
Check your device has a TPM chip
Foremost, before learning the steps of encryption, you need to make sure that your device has a TPM chip or not. To do that, you have to –
- Press Windows + R keyboard shortcut to open Run,
- Here type devmgmg.msc and click ok to open device manager,
- This will display all installed device driver lists
- look for and Expand Security Device,
- if you have a TPM chip, then one of the icons present there will read Trusted Platform Module with the version number.
Some of the devices such as Surface Pro 3, Surface Pro 4, or Surface Book comes with preinstalled TPM chip.
Well if you have noticed TPM chip present on your device but still getting error “This Device Can’t use a Trusted Platform Module” while enabling BitLocker on Windows 10. That cause Enter the BIOS or UEFI and look for a TPM setting and ensure it is switched on.
Turn on BitLocker without TPM
Well If your computer doesn’t include a Trusted Platform Module chip, you won’t be able to turn on BitLocker on Windows 10. You get an error message “This Device Can’t use a Trusted Platform Module”. In such a situation you need to use the Local Group Policy Editor to enable additional authentication at startup.
- Press the Windows key + R keyboard shortcut type gpedit.msc and click OK.
- This will open the local group policy editor window,
- Here Under Computer Configuration, expand Administrative Templates.
- Expand Windows Components, then BitLocker Drive Encryption and Operating System Drives.
- On the right side, double-click Require additional authentication at startup and Select Enabled.
- Also, Make sure to check the “Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)” option.
- Click OK to complete this process, and restart your PC to apply the policy.
Encrypt Your Drive With BitLocker in Windows 10
So, once you have ensured that the environment of your computer is perfect to run, BitLocker, then you can follow these steps –
- Open the Control panel Click on System and Security.
- Now select option “BitLocker Driver Encryption”
- Once you are under BitLocker Driver Encryption Window, click turn on BitLocker
Next, you have to select how you want to unlock your drive using Startup either by inserting a USB flash drive or Enter a password. In this guide, we are going to use the Enter a password option only
You need to select the password very carefully as you have to insert it every time you boot Windows 10 to unlock the drive and then click on Next. Don’t forget to create a strong password using a combination of uppercase, lowercase, and other symbols. And type the same password on Re-enter your password tab and click next.
You will next get the option to select a save recovery key to access your files if you forget your password. The option you will get includes –
- Save to your Microsoft account
- Save to a USB flash drive
- Save to a file
- Print the recovery
You can select any option which is the most convenient for you and save the option. If you are looking for a recommendation, then we can suggest you use a cloud option to save your recovery key in your Microsoft account with the help of your already existing Microsoft account. This way you will be able to retrieve back your recovery from anywhere.
Just press the Next key to continue.
Next, you have to select the best encryption option according to your convenience. You have two scenarios in front of you –
- Encrypt by using the space of your disk which is the best for new computers and drives.
- Encrypt the entire drive which is useful for PCs and drivers that are already in use.
Since I was already using this computer, I will go with the second option. Note, it will take some time especially if it’s a large drive. Make sure your computer is on UPS power in case of a power failure. Click next to continue.
Up next, you have to select between two more options and click next –
- New encryption mode (best for fixed drives on this device)
- Compatible mode (best for drives that can be moved from this device)
Make sure to check the Run BitLocker system check option to avoid any data loss, and click Continue.
when you click on Continue Bitlocker prompt to Reboot Windows 10 to finish the setup and begin encryption.
just restart your computer to start the encryption process.
Now On Next Boot At Startup BitLocker Will Ask for Password Which you set during BitLocker Configuration. Put the password and hit the enter key.
After logging into Windows 10, you will notice there is not much happening.
To find out the status of encryption. double-click on the BitLocker symbol in your taskbar.
When BitLocker Encryption is finished, you can use your computer as you normally do. Any content created in addition to your communications will be secured.
Turn off BitLocker in Windows 10
If at any time you would like to suspend encryption, you can do so from the BitLocker Encryption Control Panel item. or you can simply Right click on the encrypted Drive and select Manage BitLocker.
When you click on it this will open the BitLocker Drive Encryption window where you find below options.
- Back up your recovery key: If you lose your recovery key, and you’re still signed into your account, you can use this option to create a new backup of the key
- Change password: You can use this option to create a new encryption password, but you’ll still need to supply the current password to make the change.
- Remove password: You can’t use BitLocker without a form of authentication. You can remove a password only when you configure a new method of authentication.
- Turn off BitLocker: In case, you no longer need encryption on your computer, BitLocker provides a way to decrypt all your files.
However, make sure to understand that after turning off BitLocker your sensitive data will no longer be protected. In addition, decryption may take a long time to complete its process depending on the size of the drive, but you can still use your computer.
That’s all about the windows 10 BitLocker drive encryption feature. We hope that this guide on how to Encrypt Your Drive With BitLocker in Windows 10 has given you insightful information.