Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

A beginner's guide to BitLocker, Windows' built-in encryption tool

Ian Paul | June 2, 2014
The creators of TrueCrypt shocked the computer security world this week when they seemingly ended development of the popular open source encryption tool. Even more surprising, the creators said TrueCrypt could be insecure and that Windows users should migrate to Microsoft's BitLocker. Conspiracy theories immediately began to swirl around the surprise announcement.

So with BitLocker's closed source nature in mind, I wouldn't count on this encryption program defending your data against a government actor such as border agents or intelligence services. But if you're looking to protect your data in case your PC is stolen or other situations where petty criminals and non-government types might mess with your hardware then BitLocker should be just fine.

Getting ready to go crypto, Microsoft style

The first thing you'll need to do is fire up the Control Panel. 

When the Control Panel opens, type BitLocker into the search box in the upper right corner and press Enter. Next, click Manage BitLocker, and on the next screen click Turn on BitLocker.

Now BitLocker will check your PC's configuration to make sure your device supports Microsoft's encryption method. 

If you're approved for BitLocker, Windows will show you a message like this one. If your TPM module is off then Windows will turn it on automatically for you, and then it will encrypt your drive.


To activate your TPM security hardware Windows has to shut down completely. Then you will have to manually turn your PC back on. Before you go ahead with this process make sure any flash drives, CDs, or DVDs are ejected from your PC. Then hit Shutdown.

Once you restart your PC, you may see a warning that your system was changed. In my case I had to hit F10 to confirm the change or press Esc to cancel. After that, your computer should boot back up and once you login again you'll see the BitLocker window.

Recovery key and encryption

After a few minutes, you should see a window with a green check mark next to "Turn on the TPM security hardware." We're almost at the point where we'll encrypt the drive! When you're ready, click Next.

Before you encrypt your drive, however, you have to save a recovery key just in case you have problems unlocking your PC. Windows gives you three choices for saving this key in Windows 8.1: save the file to your Microsoft account, save to a file, or print the recovery key. You are able to choose as many of these options as you like, and you should choose at least two.

In my case, I chose to save the file to a USB key and print the key on paper. I decided against saving the file to my Microsoft account, because I don't know who has access to the company's servers. That said, saving your key to Microsoft's servers will make it possible to decrypt your files if you ever lose the flash drive or paper containing your recovery key code.


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.