Whether it’s protection againsthacking, protection against snoopers who are living under your roof, orprotection against someone who steals your laptop in Starbucks, encryption issomething that all computer users should be taking advantage of.
But when people hear the word“encryption”, they suddenly get apprehensive, thinking it involves coding, thecommand line, and other tech stuff normally seen in the movies. But withWindows, it is a simple case of right-clicking on a hard-drive and choosing theBitlocker option.
Only the Pro, Enterprise and Education editions of Windows 10 offerBitlocker. If you own one of these editions of Windows, you would beseriously remiss not to use Bitlocker. It’s free, easy to use, and it willprotect your files from prying eyes.
Bitlocker locks hard drives andeverything contained on that hard drive with a password. You can configure itso the hard drive is automatically unlocked when the computer boots up (which Ipersonally think is stupid), or you can manually unlock the drive yourself.
But don’t apply Bitlocker to the drive which has the operating system installed on it. Otherwise the computer will not be able to boot up since the operating system files will be inside the locked drive.
If you only have one drive with everything on it, you will have to partition the drive into at least two drives and put all non-OS files in the new one(s).
Here is how to set up Bitlocker.The actual encryption of the drive will depend on how large it is and how manyfiles are currently on it. So in some cases, it can take 24-48 hours for theencryption of the drive to be completed.
But the good thing is that you canshut down the computer mid-encryption and it will continue to encrypt when youboot up your system again. Plus you can continue to use the drive during theencryption process, adding and removing files without any consequences.
First, open up Windows Explorer and go to This PC. This page will show you the various hard-drives you have.
For the purpose of this article, we are going to encrypt one of my two backup drives. So I would right-click on the drive (BACKUP DRIVE 1) and choose Turn Bitlocker On.
Now wait for Bitlocker to start up. If you get an error that says the device cannot use a Trusted Platform Module , read my post here on what that means and how to fix it.
The next screen will ask you howyou want to unlock the drive. Unless you have a smart card, and I don’t, thebest option is the password. A password can be kept in your head, and if youmake it difficult to figure out, then you are more or less safe. Unless ofcourse somebody beats it out of you.
So tick the box for the passwordand the fields will be activated. Enter your password in both boxes and click “Next”. Remember, no short sillypasswords. Use a password manager which normally includes a random passwordgenerator.
Now for the most important part – backing up the key. If you forget your Bitlocker password, and you fail to make a backup, you will be locked out of the drive forever.
There are no password resets, no back doors, no way for Microsoft to help you. As it should be. Otherwise, it would be a pretty sorry excuse for encryption wouldn’t it?
So now choose your recovery keyprocess.
Do NOT save it to your Microsoftaccount. Email accounts can be compromised and if you have your Bitlocker keysitting there…well, that is just plain stupid.
I would do the other two (you canchoose both). Save the file as a text file and hide it on another drive (NOTthe one being encrypted!). Maybe also put it on a USB stick and hide it. Butdon’t put it in cloud storage for the same reason as email.
Then as an extra backup, print thefile out and put it somewhere no-one but you will ever find it.
The next screen will tell you whichencryption method to use. If you are installing it on a brand new drive or PC,you only need to encrypt the used space only. If you are installing it on aused PC or used drive, it is better to encrypt the entire drive.
Now we are on to “encryption mode”.Removable devices need to be in “compatible mode” while fixed devices (such asthe hard drive inside your PC case) can use the new Windows 10 encryption mode.
It will now ask you if you are ready to start encrypting the device. Click Start Encrypting to begin the process.
If you need to switch off thecomputer before the encryption is finished, it is better to pause Bitlockerfirst.
You will now see that the right-click menu on the drive has two new options – Change Bitlocker password and Manage Bitlocker.
Under Manage Bitlocker, you will find all of the various options again. Unless you really want Bitlocker to auto-unlock when Windows boots up, make sure that option is OFF.
There are many other encryptionpossibilities for Windows, many of them paid software solutions. But if youalready have Bitlocker pre-installed on your Windows software, it seems sillyto use something else. Unless of course you have the NSA after you, in whichcase, Bitlocker isn’t going to cut it.