Why You Should Encrypt Your Drive and How to Do It with BitLocker

Encrypting your hard drive adds another, more secure layer of protection to your data instead of just using a password. Drive encryption encodes your data so that if someone acquires your physical hard drive, it is not possible for them to retrieve your data without your passwords/drive encryption key. BitLocker is a program included in every version of Windows since Vista that will encrypt your hard drive for you and store the key that releases the encrypted data on a microchip called a Trusted Platform Module. Most computers are now built with TPMs, however, it is still possible to encrypt your drive if your computer does not have one. If the TPM suspects your computer may have been tampered with, it will not release the key to decrypt your data after you have started up your computer.

1. Open your start menu and search for “manage BitLocker”

2. Inside of BitLocker Drive Encryption, click “turn on BitLocker”

3. BitLocker will ask if you would rather enter a password or insert a USB flash drive whenever you start up your computer. Pick whichever option will best suit you.

4. If you opt for a password, be sure to choose a strong password that you will remember; if you forget this password, you will not be able to access your data. Because you are encrypting your data, if you forget this password, your data will not be retrievable or understandable due to the fact that it is encrypted.

5. BitLocker is now asking you where you would like to keep a copy of your recovery key. It is also important that you save this key because if you cannot remember the password you created (or if you selected the option to insert a USB flash drive and you do not have access to that flash drive), then you may enter the key into your computer to release your encrypted data. Remember, if you choose to save it as a file you will need to save it somewhere other than your local machine as you will not be able to access the key from your local machine to decrypt your data, because they key will be encrypted, too. Therefore, it is probably a good idea to either print your key (and put it in a place you will not lose it) or to save it to a USB flash drive.

6. Now you will have to choose how much of your drive that you want to encrypt. Unless you are encrypting the hard drive of a brand new computer, you will want to choose to encrypt your entire drive.

7. BitLocker is now asking which encryption mode to use. There are two options, “New encryption mode (best for fixed drives on this device)” and “Compatible mode (best for drives that can be moved from this device.” The new encryption mode is what you will most likely choose if you are encrypting the hard drive within your computer; the compatible mode is for devices such as a USB flash drive or a portable external hard drive.

8. Now you are ready to encrypt your drive. You will need to restart your computer to start the encryption process, so make sure you do not have any unsaved work before you do so, or else choose to restart your computer later.

9. When you restart, you will be prompted to either enter the password you created or to insert your USB flash drive depending on which option you chose.

Your drive should now be encrypted by BitLocker. Remember: do not forget your password, and keep your recovery key in a place that is accessible to you. Sometimes BitLocker may randomly prompt you for the key when starting up, so try to have the key in a place that you may access at any point in time. Also, BitLocker will only be effective if your machine is powered off. If you have your machine turned on and unlocked, then your data is decrypted and accessible to someone who may acquire your hard drive, so be sure to power your machine off when you are not using it.