BitLocker is a feature that has been around for a long time, and it provides a way to encrypt the data on the hard drive to prevent unauthorized access to your information. On Windows 10, if you keep sensitive files on your device, it is crucial to take the necessary steps to protect them. This is when BitLocker comes in very handy.
It offers two methods of encryption: hardware-based encryption using a Trusted Platform Module (TPM) chip, and software-based encryption using a password or USB flash drive to decrypt the drive and continue booting into Windows 10. It also allows protecting the data on the installation drive, secondary storage, and removable media with “BitLocker To Go.”
- BitLocker Drive Encryption is available on Windows 10 Pro and Enterprise. Windows 10 Home edition has its own version of BitLocker on select devices.
- A Trusted Platform Module (TPM) chip is needed for the best results. This is a special chip that enables the device to support advanced security features.
- BitLocker is available without a TPM by using software-based encryption, but it requires some extra steps for additional authentication.
- The computer firmware must support TPM or USB devices during startup. If the feature isn’t available, check with the computer manufacturer for a Basic Input Output System (BIOS) or Unified Extensible Firmware Interface (UEFI) update.
- The computer’s hard drive must have two partitions: a system partition with the necessary files to start the system, and a partition with the Windows 10 installation. If the device does not meet the requirements, BitLocker will create them automatically. Also, the hard drive partitions must be formatted with the NTFS file system.
- The encryption process is not complicated, but it can take a lot of time, depending on the size of the drive and the amount of data on it.
- Keep the computer connected to an uninterruptible power supply (UPS) throughout the entire process.
How to enable (hardware-based) BitLocker on the operating system drive
Search for Control Panel and click the top result to open the app.
Click on System and Security.
Click on BitLocker Drive Encryption.
Under the “Operating system drive” section, click the Turn on BitLocker option.
Select the option to save the recovery key:
- Save to your Microsoft account.
- Save to a file.
- Print the recovery key.
Click the Next button.
Select how much of the drive space to encrypt:
- Encrypt used disk space only (faster and best for new PCs and drives).
- Encrypt the entire drive (slower but best for PCs and drives already in use).
Choose between the two encryption options:
- New encryption mode (best for fixed drives on this device).
- Compatible mode (best for drives that can be moved from this device).
Click the Next button.
Check the Run BitLocker system check option.
Click the Continue button.
Click the Restart now button.
After you complete the steps, the device will restart, BitLocker will be enabled, and you will not be prompted to enter a decryption password to continue starting Windows 10. Although the device will boot quite fast, under Control Panel > System and Security > BitLocker Drive Encryption you will notice that BitLocker is still encrypting the drive. Depending on the option you selected and the size of the drive, this process can take a long time, but you can continue to work on the computer.
After the encryption process is complete, the drive will include a lock icon, and the label will read BitLocker on.
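The state shown in Control Panel can also be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original article; it uses the built-in Get-Tpm, Get-Volume and Get-BitLockerVolume cmdlets, and the $MountPoint parameter and $findings list are names chosen here.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): audit the OS drive after the steps above.
# $MountPoint and $findings are names chosen for this sketch.
param([string]$MountPoint = $env:SystemDrive)

$findings = @()

# Requirement from the list above: a TPM chip that is present and ready.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    $findings += "TPM present=$($tpm.TpmPresent), ready=$($tpm.TpmReady)"
}

# Requirement from the list above: the partition is formatted with NTFS.
$fs = (Get-Volume -DriveLetter $MountPoint.TrimEnd(':')).FileSystem
if ($fs -ne 'NTFS') { $findings += "File system is '$fs', expected NTFS" }

$vol = Get-BitLockerVolume -MountPoint $MountPoint
$types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

# Hardware-based setup: the TPM unlocks the drive, so a Tpm protector must exist.
if ($types -notcontains 'Tpm') { $findings += 'No TPM key protector on the volume' }

# The recovery key saved during setup shows up as a RecoveryPassword protector.
if ($types -notcontains 'RecoveryPassword') {
    $findings += 'No recovery password protector; back up a recovery key'
}

# Encryption continues in the background after the restart.
if ($vol.VolumeStatus -ne 'FullyEncrypted') {
    $findings += "Volume status is $($vol.VolumeStatus) at $($vol.EncryptionPercentage)%; re-run when encryption completes"
}
elseif ($vol.ProtectionStatus -ne 'On') {
    # Fully encrypted but unprotected matches the "Suspend protection" state.
    $findings += 'Drive is encrypted but protection is off (suspended)'
}

[pscustomobject]@{
    MountPoint       = $vol.MountPoint
    VolumeStatus     = $vol.VolumeStatus
    ProtectionStatus = $vol.ProtectionStatus
    EncryptedPercent = $vol.EncryptionPercentage
    EncryptionMethod = $vol.EncryptionMethod
    KeyProtectors    = $types -join ', '
    Findings         = if ($findings) { $findings -join '; ' } else { 'None' }
}
```

An empty Findings field means the drive is fully encrypted, protected, and has both a TPM protector and a recovery password on record.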
Once the drive encryption is enabled, several options will become available, including:
- Suspend protection: This option will stop protecting your files. Typically, you would use this option when upgrading to a new version of Windows 10, firmware, or hardware. If you don’t resume the encryption protection, BitLocker will resume automatically during the next reboot.
- Back up your recovery key: If you lose the recovery key and are still signed into your account, you can use this option to create a new backup of the key with the same save options listed in the steps above.
- Change password: Creates a new encryption password, but you will still need to supply the current password to make the change.
- Remove password: You cannot use BitLocker without a form of authentication. You can remove a password only when you configure a new method of authentication.
- Turn off BitLocker: Decrypts all the files on the drive. Also, decryption may take a long time to complete its process depending on the storage size, but you can still use your computer.
To enable BitLocker via software-based methodologies, you can follow this tutorial.