How to use BitLocker encryption

We all want to make sure our data is safe and secure. BitLocker is a great way to easily encrypt the data on your entire device and keep it protected from prying eyes.

What is BitLocker?

BitLocker is an encryption feature built into computers running Windows 10 Pro—if you’re running Windows 10 Home you will not be able to use BitLocker.

BitLocker creates a secure environment for your data while requiring zero extra effort on your part. In fact, once it’s setup, you might even forget that it’s there and working!

Don’t know which version of Windows you’re using? You can find your current license and version by typing About your PC in the Windows search box then pressing Enter. Scroll down to the Windows specifications section. The version of Windows currently installed on your computer will be found under Edition.

Screenshot of About your PC on Windows 10

If you’re not on Windows 10 Pro and would like to upgrade to take advantage of the encryption and other business-oriented features it has to offer, you can do so by opening the Store app on your computer, and searching for Windows 10 Pro.

Screenshot of update to Windows Pro on Microsoft Store page

What does BitLocker do?

BitLocker secures your data by encrypting it. Encryption secures your data by scrambling it so it can’t be read without authenticated decrypting using a recovery key. BitLocker differs from most other encryption programs because it uses your Windows login to secure your data; no extra passwords needed. Once you’re logged in, your files look just like they would otherwise, and once you log out, everything’s secured.

Is BitLocker right for me?

There are many reasons to use data encryption. If any of the below apply to you, BitLocker might be just what you’re looking for!

  • I want to secure my data in the case of device theft
  • My job requires that I encrypt my data
  • I want a little extra peace of mind

However, if any of the below apply to you, BitLocker might not be the right solution:

  • My device doesn’t have Windows 10 Pro
  • I only want to encrypt a couple of files

What is a BitLocker key?

A BitLocker Key is generated when you first encrypt your data and works just like any other key. You can use this key to unlock your data manually. In the event of device failure, your key allows you to revert your scrambled data, thereby making it readable again. Without it, your data will remain inaccessible.

How will BitLocker change how I use my computer?

In short, BitLocker is designed to protect your data while being as unobtrusive as possible. It does so by making sure that the person using your computer is actually you.

BitLocker captures information about your computer like the make, model, and internal part serial numbers, and uses it to ensure that your drive hasn’t been stolen and inserted into another machine. Once this information has been verified, you’ll be required to log into your computer using your password. If anything seems off, BitLocker will ask for your recovery key (also commonly referred to as a ‘BitLocker Key’, ‘Decryption Key’, or ‘PIN’).

Your data will remain locked until you provide it. If you share your computer with others, you can still use your computer normally with BitLocker enabled, but by default, the person who set up BitLocker will be the only one with the BitLocker Key backed up.

Getting started with BitLocker

Let’s walk through a few simple steps to take to start using data encryption. First, type BitLocker in the Windows search box, then press Enter. Next, select Turn on BitLocker.

Screenshot of Turn on BitLocker settings page

Backing up your BitLocker Recovery Key

There are multiple different ways to back up the BitLocker recovery key. It’s extremely important that this key be backed up: without it all data on your device will be inaccessible.

BitLocker gives you three different options for backing up your recovery key: Save to your Microsoft Account, Save to a file, or Print the recovery key.

Using your Microsoft Account is recommended: in the event you need to recover your BitLocker recovery key you can access it through the BitLocker Recovery Keys page after logging into your Microsoft account. However, if you choose to save your BitLocker recovery key to a file or print it, make very sure that you keep it in a safe place that’s not on the encrypted device. Without your BitLocker key, all data on your device will remain completely inaccessible.

Screenshot of Microsoft Account BitLocker recovery key page

How much of your drive to protect

How much of your drive you want to encrypt depends on how much time you have and whether you’re encrypting a new device or one that’s already in use. You have two choices: Encrypt used disc space only is faster and better for new PCs and drives, while Encrypt entire drive is slower but better for PCs and drives already in use.

The process to encrypt an entire hard drive isn't difficult, but it can be time-consuming and depends on the amount of data and size of the drive. Microsoft estimates that BitLocker will take about one minute for every 500 MB encrypted. The good news is that you only need to do it once.

Screenshot of BitLocker drive encryption page

Choose your encryption mode

The ability to choose your encryption mode is a new feature in Windows 10. If you plan on using your drive with older versions of Windows, or versions of Windows 10 released before mid-2016 (version 1511 or older), select Compatible Mode. Otherwise choose New Encryption Mode (this will be the right option for most). Then, click Next.

Screenshot of different modes to select on BitLocker drive encryption page

BitLocker system check

You can choose to either start encryption of your drive or run a BitLocker system check first. We recommend running the BitLocker system check, as it will ensure that BitLocker can read the Recovery Key before encrypting the drive.

Screenshot of run BitLocker system check

BitLocker will restart your computer before encrypting, but you can continue to use it while your drive is encrypting. Once encryption is complete, you’ll log into your computer just as you normally would. BitLocker will work unobtrusively in the background.

How do I turn BitLocker off?

If you find that BitLocker isn’t right for you and you’d like to disable it, you can easily do so. Simply log in, type BitLocker into the Windows search box, and press Enter. Next, select Turn off BitLocker.

Screenshot of BitLocker settings page

Staying safe

No one can promise to keep unexpected, unfortunate situations at bay: life happens. But we can all take measures to protect ourselves when they do. BitLocker is a great solution to secure your data. Should your device fall into unwanted hands, you can rest assured that what’s in it stays out of reach.