BitLocker Drive Encryption
Windows 10 comes with built-in drive encryption called BitLocker Drive Encryption. If your PC is stolen, the files cannot be accessed by simply removing the hard disk drive. This feature is available only in the Professional version and has to be activated by signing in with an online Microsoft account.
What is BitLocker Drive Encryption
Without encryption, files written to a storage device are in the open. This means that anyone who gains access to your device will have access to your data. With encryption, the data written to any storage device is encrypted with a password. The data can then be accessed only with the password.
The encryption facility is now available by default in Windows 10. It was available in earlier versions too. Encryption in Windows means that all data which is written to the hard disk is automatically encrypted. This constant encryption and decryption will incur additional computing load.
If the PC is stolen, no one will have access to the data. If the hard disk becomes faulty, the data is at risk, but since the encryption keys are stored on Microsoft servers, the data can still be recovered.
BitLocker Drive Encryption needs a hardware chip called a Trusted Platform Module, or TPM, to work. The TPM strengthens the encryption process by providing a place to store keys, which would otherwise have to be stored on the hard disk along with all other data. Strictly speaking, though, the TPM requirement can be bypassed.
Enable BitLocker Drive Encryption
The BitLocker Drive Encryption option is available in the Control Panel.
To use BitLocker Drive Encryption, click on the option and select turn on for the individual drive.
Older hardware might not have the TPM chip installed. In that case, an error prompt will come up.
To enable BitLocker on such hardware, open the Local Group Policy Editor by typing ‘gpedit.msc’ in Windows Search.
Navigate to Administrative Templates, Windows Components, BitLocker Drive Encryption and choose either Fixed Data Drive or Removable Data Drive as per your preference. Enable the Require additional authentication at startup option.
Now when BitLocker is enabled, it will configure the drive and then ask you to set a password. This password must be entered every time the PC boots. A USB drive can also be used in lieu of a password.
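A check to run after the steps above, as an added example that is not part of the original article: it reports whether a TPM is present, whether the "Require additional authentication at startup" policy has taken effect, and which key protectors (password, USB startup key, recovery password) the drive actually has. The function name Get-BitLockerReadiness is hypothetical; the script assumes an elevated PowerShell session, checks the system drive by default, and assumes the policy is reflected in the UseAdvancedStartup and EnableBDEWithNoTPM values under HKLM:\SOFTWARE\Policies\Microsoft\FVE.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell session.
function Get-BitLockerReadiness {                    # hypothetical helper name
    param([string]$MountPoint = $env:SystemDrive)    # assumption: check the OS drive

    # TPM state; on older hardware TpmPresent is False.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue

    # Policy values written when "Require additional authentication at startup"
    # is enabled; the key or its values are absent when the policy is not configured.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue

    # Encryption state and key protectors of the volume.
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })

    $tpmPresent = [bool]$tpm.TpmPresent
    $allowNoTpm = ($fve.UseAdvancedStartup -eq 1) -and ($fve.EnableBDEWithNoTPM -eq 1)

    $findings = @()
    if (-not $tpmPresent -and -not $allowNoTpm) {
        $findings += 'No TPM and the startup policy does not allow BitLocker without one: expect the error prompt.'
    }
    if ($vol.ProtectionStatus -ne 'On') {
        $findings += 'Protection is off or suspended.'
    }
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "Encryption incomplete: $($vol.VolumeStatus), $($vol.EncryptionPercentage)%."
    }
    if (-not $tpmPresent -and -not ($types -contains 'Password' -or $types -contains 'ExternalKey')) {
        $findings += 'No password or USB startup key protector on a machine without a TPM.'
    }
    if ($types -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector present.'
    }

    [pscustomobject]@{
        MountPoint    = $vol.MountPoint
        TpmPresent    = $tpmPresent
        TpmReady      = [bool]$tpm.TpmReady
        AllowNoTpm    = $allowNoTpm
        VolumeStatus  = $vol.VolumeStatus
        Protection    = $vol.ProtectionStatus
        KeyProtectors = $types -join ', '
        Findings      = $findings
    }
}

Get-BitLockerReadiness | Format-List
```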