Encrypting your hard drive is one of the easiest ways to secure your important data. Windows 10 includes a built-in drive encryption program, BitLocker, but it is limited to Windows 10 Pro, Enterprise, and Education users. Here is how to use BitLocker to encrypt your hard drive in Windows 10.
What is BitLocker?
Let’s first understand the BitLocker feature. BitLocker is a full drive encryption tool included in Windows 10 Pro, Enterprise, and Education. BitLocker uses 128-bit AES encryption (also written as AES-128). As far as encryption goes, that’s strong. At the current time, there is no known method of brute forcing a 128-bit AES encryption key.
BitLocker has three different encryption methods:
- User authentication mode. The “standard” user authentication mode encrypts your drive, requiring authentication before unlocking. Authentication takes the form of a PIN or password.
- Transparent operation mode. This is a slightly more advanced model that uses a Trusted Platform Module (TPM) chip. The TPM chip checks that your system files have not been modified since you encrypted the drive using BitLocker. If your system files have been tampered with, the TPM chip will not release the key. In turn, you will not be able to input your password to decrypt the drive. The transparent operation mode creates a secondary security layer over your drive encryption.
- USB Key mode. USB Key mode uses a physical USB device that boots into the encrypted drive.
How to Set Up BitLocker Encryption
First, search for and select BitLocker from the Start Menu search bar.
Select the drive you want BitLocker to encrypt, then select Turn on BitLocker.
Now you must choose how you want to unlock this drive. Here you have two options.
- Use a password.
- Use a smart card.
Select the first option to Use a password to unlock the drive.
BitLocker Without a Trusted Platform Module
Note: If you get the error message "This device can't use a Trusted Platform Module" while enabling BitLocker Drive Encryption, apply the workaround below to enable BitLocker without a Trusted Platform Module.
- Press Windows + R, type gpedit.msc, and click OK.
- This opens the Windows Group Policy Editor.
- Navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
- Select Require additional authentication at startup, followed by Enabled.
- If your system doesn’t have a compatible TPM module, check the box to Allow BitLocker without a compatible TPM.
- Choose a suitably strong password that you can also remember.
- As the BitLocker wizard helpfully suggests, your password should contain upper and lower-case letters, numbers, spaces, and symbols.
- The next page contains options for creating a BitLocker recovery key.
- A BitLocker recovery key is unique to your drive and is the only way you can safely and securely create a backup of sorts.
- There are four options to choose from. For now, select Save to File, then select a memorable save location. Once saved, hit Next.
If you are already using the drive, the BitLocker wizard strongly suggests encrypting the entire drive so that all available data is encrypted, including data that has been deleted but not yet removed from the drive. If you are encrypting a new drive or new PC, “you only need to encrypt the part of the drive that’s currently being used” because BitLocker will encrypt new data automatically as you add it.
- Finally, choose your encryption mode.
- Select Start encrypting and wait for the process to complete.
- The encryption process can take some time, depending on the amount of data.
When you reboot your system or attempt to access the encrypted drive, BitLocker will prompt you for the drive password.
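To confirm what the wizard actually left behind (encryption finished, protection on, an unlock method and a recovery key both present), the following read-only PowerShell check can be run from an elevated prompt. It is an added example, not part of the original article; `Test-BitLockerVolume` is a hypothetical helper name and the `X:` sample object is constructed for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only check of the state the BitLocker wizard leaves behind.
# Test-BitLockerVolume is a hypothetical helper name, not a built-in cmdlet.

function Test-BitLockerVolume {
    param([Parameter(Mandatory)] $Volume)   # one object from Get-BitLockerVolume

    # Protector types on the volume, e.g. Tpm, Password, ExternalKey, RecoveryPassword
    $types  = @($Volume.KeyProtector | Where-Object { $_ } |
                ForEach-Object { "$($_.KeyProtectorType)" })
    $unlock = @($types | Where-Object { $_ -ne 'RecoveryPassword' })

    $findings = @()
    if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
        $findings += "not fully encrypted ($($Volume.VolumeStatus), $($Volume.EncryptionPercentage)%)"
    }
    if ("$($Volume.ProtectionStatus)" -ne 'On')  { $findings += 'protection is off' }
    if ($unlock.Count -eq 0)                     { $findings += 'no unlock protector' }
    if ($types -notcontains 'RecoveryPassword')  { $findings += 'no recovery key protector' }

    [pscustomobject]@{
        MountPoint = $Volume.MountPoint
        Method     = "$($Volume.EncryptionMethod)"   # cipher actually in use
        Protectors = $types -join ', '
        Findings   = if ($findings) { $findings -join '; ' } else { 'OK' }
    }
}

# Constructed sample: a drive still encrypting, with a password but no recovery key.
$sample = [pscustomobject]@{
    MountPoint = 'X:'; VolumeStatus = 'EncryptionInProgress'; EncryptionPercentage = 42
    ProtectionStatus = 'Off'; EncryptionMethod = 'Aes128'
    KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Password' })
}
Test-BitLockerVolume $sample | Format-List

# Live system: a missing TPM is what triggers the error described in the note above.
if (-not (Get-Tpm).TpmPresent) {
    Write-Warning 'No TPM present: BitLocker on the OS drive needs the group policy workaround.'
}
Get-BitLockerVolume | ForEach-Object { Test-BitLockerVolume $_ } | Format-List
```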