Enroll Course

100% Online Study
Web & Video Lectures
Earn Diploma Certificate
Access to Job Openings
Access to CV Builder



Online Certification Courses

How to Encrypt Your Drive With BitLocker in Windows 10

How to Encrypt Your Drive With BitLocker in Windows 10. 

What Is BitLocker?

BitLocker is a full volume encryption tool included in Windows 10 Pro, Enterprise, and Education. You can use BitLocker to encrypt a drive volume.

BitLocker offers strong encryption to regular Windows 10 users. By default, BitLocker uses 128-bit AES encryption. As far as encryption goes, that’s strong. At the current time, there is no known method of brute forcing a 128-bit AES encryption key. A research team did come up with one potential attack on the AES encryption algorithm, but it would take millions of years to crack the key. That’s why people refer to AES as “military-grade encryption.”

How to Check If Your System Has a TPM Module

Unsure if your system has a TPM module? Press Windows Key + R, then input tpm.msc. If you see information about the TPM on your system, you have a TPM module installed. If you meet the “Compatible TPM cannot be found” message, your system does not have a TPM module.

It isn’t a problem if you do not have one. You can still use BitLocker without a TPM module. 

How to Check If BitLocker Is Enabled

Before progressing to the BitLocker drive encryption tutorial, check whether BitLocker is enabled on your system.

  1. Type gpedit in your Start Menu search bar and select the Best Match. The Group Policy Editor will open.
  2. Head to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
  3. Select Require additional authentication at startup, followed by Enabled.

If your system doesn’t have a compatible TPM module, check the box to Allow BitLocker without a compatible TPM.

How to Use BitLocker Drive Encryption on Windows 10

  1. First up, type BitLocker in your Start Menu search bar, then select the Best Match.
  2. Select the drive you want BitLocker to encrypt, then select Turn BitLocker On.
  3. Now you must choose how you want to unlock this drive. Here you have two options.
  4. Use a password.
  5. Use a smart card.
  6. Select the first option to Use a password to unlock the drive.

Choose a BitLocker Password

Here’s the fun part: choosing a suitably strong password that you can also remember. As the BitLocker wizard helpfully suggests, your password should contain upper and lower case letters, numbers, spaces, and symbols. 

Once you create a suitable password, enter it, then retype it to confirm.

The next page contains options for creating a BitLocker recovery key. A BitLocker recovery key is unique to your drive and is the only way you can safely and securely create a backup of sorts. There are four options to choose from. For now, select Save to File, then select a memorable save location. Once saved, hit Next.

How Much Drive to Encrypt With BitLocker and Which Encryption Mode to Use

At this point, you choose how much of your drive to encrypt.

The BitLocker wizard strongly suggests encrypting the entire drive if you are already using it to make sure you encrypt all available data, including deleted but not removed from the drive. Whereas if you are encrypting a new drive or new PC, “you only need to encrypt the part of the drive that’s currently being used” because BitLocker will encrypt new data automatically as you add it.

Finally, choose your encryption mode. Windows 10 version 1511 introduced a new disk encryption mode, known as XTS-AES. XTS-AES provides additional integrity support. However, it is not compatible with older Windows versions. If the drive you are encrypting with BitLocker will remain in your system, you can safely choose the new XTS-AES encryption mode.

Encrypt Your Drive with BitLocker

You have reached the final page: it is time to encrypt your drive using BitLocker. Select Start encrypting and wait for the process to complete. The encryption process can take some time, depending on the amount of data.

When you reboot your system or attempt to access the encrypted drive, BitLocker will prompt you for the drive password.

Using AES-256 with BitLocker

You can make BitLocker use much stronger 256-bit AES encryption, instead of 128-bit AES. Even though 128-bit AES encryption will take forever to brute force, you can always make it take forever and a day using the additional strength.

The main reason to use AES-256 instead of AES-128 is to protect against the rise of quantum computing in the future. Quantum computing will be able to break our current encryption standards more ease than our current hardware.

Open the Group Policy Editor, then Head to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption.

Select Choose drive encryption method and cipher strength. Select Enabled, then use the dropdown boxes to select XTS-AES 256-bit. Hit Apply, and you’re good to go.

Corporate Training for Business Growth and Schools