If you keep sensitive data on your computer, protecting it is a critical part of maintaining its integrity. This is especially true for mobile users. Since the release of Windows, Vista Microsoft introduced a new security feature called BitLocker Drive Encryption. Windows 7 introduced the BitLocker To Go feature for portable storage devices such as thumb drives and SD cards. For Windows 10, you need to be running the Pro or Enterprise edition. Why Microsoft does not make this a standard feature across all editions is still mind boggling, considering that encrypting data is one of the most effective ways to help keep it secure. If you are running Windows 10 Home, you will need to perform an Easy Upgrade to Windows 10 Pro to get it.
What is Encryption?
Encryption is a method of making readable information unrecognizable to unauthorized users. When you encrypt your information, it remains usable even when you share it with other users. If you send an encrypted Word document to a friend, they will need first to decrypt it. Windows 10 includes different types of encryption technologies, the Encrypting File System (EFS) and BitLocker Drive Encryption, which we will look at in this article.
What You Should Know and Do in Advance
- Encrypting your entire hard disk can be a long process. I strongly suggest before enabling BitLocker, make sure you backup your entire computer. This is recommended if you don’t have a UPS then a power outage occurs during the encryption.
- The latest Windows 10 November Update includes a more secure encryption standard you can take advantage. Please note, though, the new encryption standard is only compatible with other Windows 10 November Update systems.
- If you are running Windows 10 on an older computer without the Trusted Platform Module chip (TPM 1.2), you might not be able to setup BitLocker. Please review troubleshooting steps further down in this article.
Turn on BitLocker Drive Encryption in Windows 10
Click Start > File Explorer > This PC. Then right-click your system drive where Windows 10 is installed, then click Turn on BitLocker.
Enter a password to unlock your drive; this will be an important test to ensure you can boot the system if you happen to lose the recovery key.
Choose how you want to back up your recovery key, you can use your Microsoft account if you have one, save it to a USB thumb drive, save it somewhere other than the local drive or print a copy. I will save my own to another computer then print a copy.
You have two choices when encrypting your local disk if it is a new computer just pulled out of the box, use the Encrypt used disk space only. If it’s already in use, choose the second option Encrypt entire drive. Since I was already using this computer, I will go with the second option. Note, it will take some time especially if it’s a large drive. Make sure your computer is on UPS power in case of a power failure.
If you are running the Windows 10 November Update, it includes a more robust encryption mode called XTS-AES providing additional integrity support with an improved algorithm. If it is a fixed drive, choose this option.
When you are ready to encrypt, click Continue.
Restart your computer when prompted.
Remember that password you created earlier? Now is the time to enter it.
After logging into Windows 10, you will notice there is not much happening. To find out the status of encryption, click Start > File Explorer > This PC. You’ll now see a padlock emblem on the system drive. Right-click the drive then select Manage BitLocker.
You will see the current status which is C: BitLocker Encrypting. This will take some time, so you can continue using your computer while encryption takes place in the background, you’ll be notified when it is complete.
When BitLocker Encryption is finished, you can use your computer as you normally do. Any content created in addition to your communications will be secured.
If at any time you would like to suspend encryption, you can do so from the BitLocker Encryption Control Panel item. Click the Suspend link. Data created when in suspension is not encrypted. It is recommended you turn off BitLocker encryption when upgrading Windows, modifying the computer’s firmware or making hardware changes.