Whether it’s protection against hacking, protection against snoopers who are living under your roof, or protection against someone who steals your laptop in Starbucks, encryption is something that all computer users should be taking advantage of.
But when people hear the word “encryption”, they suddenly get apprehensive, thinking it involves coding, the command line, and other tech stuff normally seen in the movies. But with Windows, it is a simple case of right-clicking on a hard-drive and choosing the Bitlocker option.
What Is Bitlocker?
Only the Pro, Enterprise and Education editions of Windows 10 offer Bitlocker. If you own one of these editions of Windows, you would be seriously remiss not to use Bitlocker. It’s free, easy to use, and it will protect your files from prying eyes.
Bitlocker locks hard drives and everything contained on that hard drive with a password. You can configure it so the hard drive is automatically unlocked when the computer boots up (which I personally think is stupid), or you can manually unlock the drive yourself.
But don’t apply Bitlocker to the drive which has the operating system installed on it. Otherwise the computer will not be able to boot up since the operating system files will be inside the locked drive.
If you only have one drive with everything on it, you will have to partition the drive into at least two drives and put all non-OS files in the new one(s).
Setting Up Bitlocker
Here is how to set up Bitlocker. The actual encryption of the drive will depend on how large it is and how many files are currently on it. So in some cases, it can take 24-48 hours for the encryption of the drive to be completed.
But the good thing is that you can shut down the computer mid-encryption and it will continue to encrypt when you boot up your system again. Plus you can continue to use the drive during the encryption process, adding and removing files without any consequences.
First, open up Windows Explorer and go to This PC. This page will show you the various hard-drives you have.
For the purpose of this article, we are going to encrypt one of my two backup drives. So I would right-click on the drive (BACKUP DRIVE 1) and choose Turn Bitlocker On.
Now wait for Bitlocker to start up. If you get an error that says the device cannot use a Trusted Platform Module, read my post here on what that means and how to fix it.
The next screen will ask you how you want to unlock the drive. Unless you have a smart card, and I don’t, the best option is the password. A password can be kept in your head, and if you make it difficult to figure out, then you are more or less safe. Unless of course somebody beats it out of you.
So tick the box for the password and the fields will be activated. Enter your password in both boxes and click “Next”. Remember, no short silly passwords. Use a password manager which normally includes a random password generator.
Now for the most important part – backing up the key. If you forget your Bitlocker password, and you fail to make a backup, you will be locked out of the drive forever.
There are no password resets, no back doors, no way for Microsoft to help you. As it should be. Otherwise, it would be a pretty sorry excuse for encryption wouldn’t it?
So now choose your recovery key process.
Do NOT save it to your Microsoft account. Email accounts can be compromised and if you have your Bitlocker key sitting there…well, that is just plain stupid.
I would do the other two (you can choose both). Save the file as a text file and hide it on another drive (NOT the one being encrypted!). Maybe also put it on a USB stick and hide it. But don’t put it in cloud storage for the same reason as email.
Then as an extra backup, print the file out and put it somewhere no-one but you will ever find it.
The next screen will tell you which encryption method to use. If you are installing it on a brand new drive or PC, you only need to encrypt the used space only. If you are installing it on a used PC or used drive, it is better to encrypt the entire drive.
Now we are on to “encryption mode”. Removable devices need to be in “compatible mode” while fixed devices (such as the hard drive inside your PC case) can use the new Windows 10 encryption mode.
It will now ask you if you are ready to start encrypting the device. Click Start Encrypting to begin the process.
If you need to switch off the computer before the encryption is finished, it is better to pause Bitlocker first.
You will now see that the right-click menu on the drive has two new options – Change Bitlocker password and Manage Bitlocker.
Under Manage Bitlocker, you will find all of the various options again. Unless you really want Bitlocker to auto-unlock when Windows boots up, make sure that option is OFF.
There are many other encryption possibilities for Windows, many of them paid software solutions. But if you already have Bitlocker pre-installed on your Windows software, it seems silly to use something else. Unless of course you have the NSA after you, in which case, Bitlocker isn’t going to cut it.