Whether it’s protection from burglaries, protection from intruders who live under your roof, or protection from someone who steals your laptop at Starbucks, encryption is something all computer users should use.
But when people hear the word “encryption,” they suddenly become apprehensive, thinking it has to do with coding, the command line, and other technical things that are usually seen in movies. But on Windows, it’s a simple case to right-click the hard drive and select the Bitlocker option.
What is Bitlocker?
Bitlocker is only available in Windows 10 Pro, Enterprise and Education. If you have one of these versions of Windows, you would seriously miss out on not using Bitlocker. It’s free, easy to use, and keeps your files safe from prying eyes.
Bitlocker locks hard drives and all contents of this hard drive with a password. You can configure it to automatically unlock the hard drive when you boot your computer (which I personally find stupid), or you can manually unlock the drive yourself.
But do not apply Bitlocker to the drive where the operating system is installed. Otherwise, the computer will not be able to boot because the operating system files will be inside the locked drive.
If you only have one drive with everything on it, you will have to split it across at least two drives and place all non-OS files on the new (s).
Here’s how to set up Bitlocker. The actual encryption of a drive will depend on its size and the number of files on it. Therefore, in some cases, it may take 24 to 48 hours for disk encryption to complete.
But the good thing is that you can shutdown your computer in the middle of encryption and it will continue encrypting when you boot your system again. In addition, you can continue to use the drive during the encryption process, adding and removing files without any consequences.
First open Windows Explorer and go to this PC. This page lists the various hard drives you have.
For the purposes of this article, we are going to encrypt one of my two backup drives. So I would right click on the drive (BACKUP DISK 1) and select Enable Bitlocker .
Now wait for Bitlocker to start. If you get an error that says the device cannot use TPM, read my post on what this means and how to fix it.
The next screen will ask you how you want to unlock the drive. If you don’t have a smart card, and I don’t have one, a password is your best bet. The password can be kept in mind, and if you make it difficult to guess, then you are more or less safe. Unless, of course, one of you knocks out.
So check the box for the password and the fields will be activated. Enter your password in both fields and click Next . Remember, no short silly passwords. Use a password manager, which usually includes a random password generator.
Now the most important thing is to back up the key. If you forget your Bitlocker password and cannot create a backup, you will permanently block access to the drive.
There is no password reset, no loophole, no way for Microsoft to help you. As it should be. Otherwise, it would be an excuse for encryption, right?
So now choose the key recovery process.
DO NOT save it to your Microsoft account. Email accounts can be compromised, and if you have the Bitlocker key well, that’s just silly.
I would do the other two (you can choose both). Save the file as a text file and hide it on another drive (NOT the one that is encrypted!). Maybe put it on a USB flash drive and hide it. But don’t put it in the cloud for the same reason as email.
Then, as an additional backup, print the file and put it somewhere, but you’ll never find it.
On the next screen, you will learn which encryption method to use. If you install it on a new drive or computer, you only need to encrypt the used space. If you are installing it on an old computer or drive, it is best to encrypt the entire drive.
Now we go into “encryption mode”. Removable devices must be in “compatible mode” while fixed devices (such as a hard drive inside your PC case) can use the new Windows 10 encryption mode.
It will now ask you if you are ready to start encrypting your device. Click Start Encryption to start the process.
If you need to shut down your computer before encryption is complete, it is best to suspend Bitlocker first.
You will now see that there are two new options in the drive’s context menu: Change Bitlocker Password and Manage Bitlocker .
In the Manage Bitlocker section you will find all the different options again. If you really don’t want Bitlocker to automatically unlock when Windows starts up, make sure this setting is turned off.
There are many other encryption options available for Windows, many of which are paid software solutions. But if you already have Bitlocker pre-installed in your Windows software, it seems silly to use something else. Unless, of course, you are being pursued by the NSA, in which case Bitlocker is not going to cut it.