TrueCrypt’s authors stunned the computer security industry in 2014. They announced that they would no longer develop their famous open-source encryption application. Even more shocking was their statement that TrueCrypt may not be reliable anymore and that Windows users are better off using Microsoft’s BitLocker instead. If you’re asking yourself what BitLocker is, keep reading.
So what is BitLocker?
BitLocker is a simple-to-use, proprietary encryption application for Windows that can encrypt your whole hard drive. It will protect you against unauthorized system changes including firmware-level malware.
Anyone with a computer running these versions can use it:
- Windows Vista Ultimate and Enterprise
- Windows 7 Ultimate and Enterprise
- Windows 8 Pro and Enterprise
- Windows 8.1 Pro and Enterprise
- Windows 10 Pro, Enterprise and Education
- Windows 11 Pro, Enterprise and Education
- Windows Server 2008 and newer
What system requirements does BitLocker have?
To run BitLocker you need a Windows PC running one of the OS versions listed above and a storage drive with at least two partitions. For BitLocker to run its system integrity check, a Trusted Platform Module (TPM) of version 1.2 or later is required.
If your PC does not have a TPM, you can still enable BitLocker manually.
A TPM is a chip that checks your hardware, software, and firmware for authenticity. If the TPM detects an unauthorized change, your computer will boot in a restricted mode to protect you from possible attackers.
Who is BitLocker best suited for?
The trouble with BitLocker is that it is a proprietary (closed-source) program. Users have no way of knowing whether Microsoft was forced by the US government to place a backdoor in the application.
This could be an issue for those who are extremely privacy-oriented.
Given BitLocker’s closed-source nature, I wouldn’t expect this encryption tool to protect your data from government actors like border officers or intelligence agencies.
However, if you want to safeguard your data in the event that your computer is stolen or otherwise tampered with, BitLocker should do the trick.
How to set up BitLocker
I will show you how to set up BitLocker in Windows 10, 8.1, and 8 in this article. The reason is that these versions are installed on nearly 85% of the Windows computers out there (source).
The good news is that the setup process for these three Windows versions is pretty much identical. This means you should be able to follow my setup guide easily, no matter which of the three Windows versions you have.
Below, I have written what seems like a lot of steps, but I split the whole setup into very small steps to make my guide easier to digest.
So without further ado, let’s start.
Step 1 – Right-click the drive you want to encrypt and select Turn BitLocker on
Go to This PC through the Start button, then locate the drive you want to encrypt. Once you have located it, right-click the drive and select Turn BitLocker on.
Step 1b – Did you get an error message?
If you got the below error message after you clicked Turn BitLocker on, your PC doesn’t have a TPM. But don’t worry, you can still use BitLocker, so head over to step 2.
If you get NO error here, it means your PC has a TPM and you have two options:
- If you want to add PIN protection on top of TPM encryption, go to step 2.
- If TPM encryption alone is enough for you, skip steps 2-6 and go directly to step 8.
NOTE: Either way, don’t close the This PC window just yet, as we will be using it again.
Step 2 – Type gpedit.msc into the Run dialog
You now have to open the Run dialog, so hold the Windows key and press the letter R. When it opens, type gpedit.msc and hit Enter.
Step 3 – Go to Administrative templates and Windows Components
With the previous step, you opened the Local Group Policy Editor, and on the left-hand side you will see some folders. Under Computer Configuration select Administrative templates and then the Windows Components folder.
Step 4 – Go to BitLocker Drive Encryption and Operating System Drives
Among the folders in Windows Components, look for and open BitLocker Drive Encryption and then Operating System Drives.
Step 5 – Double-click Require additional authentication at startup
Great, just hang on, we are nearly there. Among all the settings, look for and double-click the Require additional authentication at startup option.
Step 6 – Click on Enabled and Apply
What you are looking for here is the Enabled option right at the top of the window. Click on it and make sure there is a checkmark next to the option Allow BitLocker without TPM. Then click on APPLY to confirm the changes and close this window.
Now go back to This PC and right-click the drive you wish to encrypt, then select Turn BitLocker on. There should be no error now and you can proceed to step 7.
Step 7 – Choose how to unlock your drive
After you go back to This PC and click Turn BitLocker on, you will see the below message. All you have to do here is choose how you want to unlock your hard drive at startup.
I recommend a password, as you can easily lose or damage a flash drive. But you make the decision here.
Note: This is the last step, which is different if you decided to activate extra PIN protection or if you don’t have a TPM.
Step 8 – Where to back up your recovery key
I cannot stress enough how important this step is. You HAVE to store your recovery key safely, so you can reach it at any time.
If you have trouble encrypting your disk, the recovery key is the ONLY way to get access to the drive.
I recommend saving the key to at least 2 of the 3 offered options (see picture below).
Note: You cannot save the recovery key to a file on the disk you are trying to encrypt.
Note 2: You might see 4 options, depending on the Windows version you are using.
Step 9 – Choose encryption size
You will now see two options you can choose from:
- Encryption only for the used space of the hard drive. Microsoft themselves suggest this option as best for new computers. Only the space already in use is encrypted, not the whole drive, and all new data is then encrypted as it is created. This is the faster option.
- Encryption for the whole hard drive, which is suggested for all computers already in use. This option takes longer to finish.
Now, the decision is yours, but I personally use the encryption for the whole drive.
Note: In Windows 10 and Windows 11, users can activate BitLocker before they install Windows.
Step 10 – Choose encryption mode
Now you will have two options (again) to choose from, but they are very straightforward:
- If your computer has a fixed hard drive inside, choose the New encryption mode.
- If you are encrypting a removable, external hard drive, choose Compatible mode.
Step 11 – Start BitLocker encryption
In this step we will finally launch the encryption process. Make sure to put a checkmark next to Run BitLocker system check and click the Continue button.
Step 12 – Restart your computer
Before the encryption starts, you have to restart your computer.
First click on the notification icon on the taskbar in the bottom right corner of your screen, then click on the BitLocker icon.
You will now see a message requesting a computer restart, so click the Restart now button.
Step 13 – Wait for encryption to finish
After you restart your computer, the encryption will start. To check on the encryption progress, you can follow the tasks from step 12: click on the notification icon in the bottom right corner, then click the BitLocker icon.
Wait for the encryption to finish. If you didn’t choose the PIN protection (in steps 2-7), then you have just finished encrypting your disk. Congratulations.
If you selected the PIN protection before, you will have to do two more steps before you finish the encryption setup.
Step 14 – Activate the PIN protection
This is the last part for those of you who activated the PIN protection. To proceed, go back to This PC, right-click the drive that you just encrypted, and click Manage BitLocker.
From the provided options, select and click on Change how drive is unlocked at start up.
Step 15 – Enter PIN to finish BitLocker setup
Now just click on Enter a PIN, choose a PIN of 6-20 digits, type it in twice for confirmation and click Set PIN.
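To confirm that the steps above actually took effect, the following added example (not part of the original guide) audits the drive with the built-in Get-BitLockerVolume and Get-Tpm cmdlets from an elevated PowerShell session. The function name Test-BitLockerSetup and its -RequirePin switch are hypothetical names chosen for this example.

```powershell
# Added example: audit the outcome of steps 1-15. Run in an elevated session.
# Test-BitLockerSetup and -RequirePin are hypothetical names for this example.
function Test-BitLockerSetup {
    param(
        [string]$MountPoint = $env:SystemDrive,
        [switch]$RequirePin   # set this if you followed steps 2-7 and 14-15
    )

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

    # Get-Tpm can throw on machines without a TPM; treat that as "not present".
    $tpmPresent = $false
    try { $tpmPresent = [bool](Get-Tpm -ErrorAction Stop).TpmPresent } catch { }

    $findings = @()
    # Step 13: encryption must have finished and protection must be on.
    if ("$($vol.VolumeStatus)" -ne 'FullyEncrypted') {
        $findings += "Encryption not finished: $($vol.VolumeStatus), $($vol.EncryptionPercentage)%"
    }
    if ("$($vol.ProtectionStatus)" -ne 'On') {
        $findings += 'Protection is off or suspended'
    }
    # Step 8: a recovery password protector should exist for the volume.
    if ($types -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector on this volume'
    }
    # Step 7: something other than the recovery key must unlock the drive.
    if (@($types | Where-Object { $_ -ne 'RecoveryPassword' }).Count -eq 0) {
        $findings += 'No startup protector (TPM, TPM+PIN, password or USB key)'
    }
    # Steps 14-15: with -RequirePin, TPM-only unlock counts as a finding.
    if ($RequirePin -and $types -notcontains 'TpmPin') {
        $findings += 'PIN requested but no TpmPin protector is present'
    }

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        TpmPresent       = $tpmPresent
        # Step 10: XtsAes* means new encryption mode, Aes* means compatible mode.
        EncryptionMethod = "$($vol.EncryptionMethod)"
        Protectors       = $types -join ', '
        Findings         = $findings
        Compliant        = ($findings.Count -eq 0)
    }
}

Test-BitLockerSetup | Format-List
```

An empty Findings list with Compliant set to True means the drive is fully encrypted, protection is active, and a recovery password exists.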
That’s it, you just finished setting up BitLocker on your computer. Should you have any questions about this process or need help with any of the above steps, leave a comment below. Alternatively, you can fill out the Contact us form and I will get back to you via email.