
What is BitLocker

Every year, PC security becomes even more important. Cybercriminals have evolved and become even more sophisticated in their efforts to gain access to your personal data and your important files. Whether you’re a home computer user or an IT professional, it’s vital you know about BitLocker, a drive encryption tool available on Windows 11. But what is BitLocker?

This article demystifies BitLocker. It explains what BitLocker is, how it works, and the reasons for maintaining a record of the BitLocker Recovery Key.

What is BitLocker?

BitLocker is Microsoft's drive encryption feature. It's a native Windows function that encrypts and protects all data and files on drives running Windows 11. Yes, you can use this powerful tool to encrypt your entire hard drive. Not only does this tool help defend against cybercrime, but BitLocker also protects your sensitive information if your computer gets stolen or lost.

Once you encrypt your drive, only those people with the unique BitLocker Recovery Key will be able to gain access to that drive and its information.

How BitLocker works

Once you enable BitLocker on your Windows-based system, your hard drive is encrypted using the AES (Advanced Encryption Standard) algorithm with a 128-bit or 256-bit key. Encryption essentially scrambles data, leaving it unreadable without the authorised key to unscramble it. Both 128-bit and 256-bit keys give a very high level of protection, making the data virtually impossible to decipher for even the most tech-savvy cyber criminals and hackers.

TPM (covered in more detail in the next section) secures the encryption key when your computer boots up. Once the system verifies the boot process as secure, TPM releases the key, giving you access to your files and data on the hard disk.

Not only can you use BitLocker to protect your computer’s internal hard drive, but you can also protect removable hard drives and USB drives as well. Accomplish all this with the BitLocker management console on your computer.

Setting up BitLocker

Now that we’ve covered what BitLocker is and what it does, let’s dive into how to set up BitLocker on your computer running Windows 11.

System requirements

  • You need two partitions on your computer’s hard drive to run BitLocker. One partition is for the operating system (in this case, Windows 11), while the second partition is for file storage.
  • The system or boot drive must be 64MB or greater and run the NTFS file system.
  • The BIOS and UEFI firmware need to support reading USB drives during the computer boot process.
  • Enabling the Secure Boot feature in the UEFI firmware is essential. This prevents unauthorised boot loaders from running.
  • It’s recommended to run TPM 1.2 or later with BitLocker.

What is TPM?

TPM (Trusted Platform Module) carries out cryptographic operations for hardware security protection. When operating in combination with TPM, BitLocker runs a pre-startup system integrity verification process. This verifies everything automatically when the PC boots up.
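
The requirements above can be checked from an elevated PowerShell prompt before you start. This is an added example, not part of the original article; the function name Test-BitLockerPrerequisite is made up for illustration, and the cmdlets it calls (Get-Tpm, Confirm-SecureBootUEFI, Get-Volume, Get-Partition) ship with Windows.

```powershell
# Added example: read-only pre-flight check. Run in an elevated PowerShell session.
function Test-BitLockerPrerequisite {
    $r = [ordered]@{ TpmPresent = $false; TpmReady = $false; TpmSpecVersion = $null }

    # TPM presence, readiness and specification version (the article recommends 1.2 or later).
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $r.TpmPresent = $tpm.TpmPresent
        $r.TpmReady   = $tpm.TpmReady
        $ns = 'root\cimv2\Security\MicrosoftTpm'
        $r.TpmSpecVersion = (Get-CimInstance -Namespace $ns -ClassName Win32_Tpm -ErrorAction Stop).SpecVersion
    } catch {
        Write-Verbose "TPM query failed: $_"
    }

    # Secure Boot: the cmdlet returns True/False on UEFI systems and throws on
    # legacy BIOS systems (or when not elevated); both cases are reported as False.
    try   { $r.SecureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $r.SecureBoot = $false }

    # The Windows drive must use NTFS.
    $letter = $env:SystemDrive.TrimEnd(':')
    $volume = Get-Volume -DriveLetter $letter
    $r.FileSystem = $volume.FileSystem
    $r.IsNtfs     = ($volume.FileSystem -eq 'NTFS')

    # Number of partitions on the disk that holds Windows (at least two are needed).
    $disk = (Get-Partition -DriveLetter $letter).DiskNumber
    $r.PartitionCount = @(Get-Partition -DiskNumber $disk).Count

    [pscustomobject]$r
}

$check = Test-BitLockerPrerequisite
$check | Format-List

if (-not $check.TpmPresent) {
    Write-Warning 'No TPM found: BitLocker will need a startup key or password instead.'
}
if (-not $check.SecureBoot) {
    Write-Warning 'Secure Boot is off or unsupported: enable it in the UEFI firmware settings.'
}
if (-not $check.IsNtfs -or $check.PartitionCount -lt 2) {
    Write-Warning 'Drive layout does not meet the NTFS / two-partition requirement.'
}
```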

Activating and enabling BitLocker

Activating and enabling BitLocker is not that difficult. To keep things simple, we’ll go through the process step by step:

  1. Search for “Manage BitLocker” in the Start Menu search box. Alternatively, go to Control Panel and select System and Security > BitLocker Drive Encryption.
  2. Click on Turn on BitLocker.
  3. Windows will now check your system settings and configuration and may need to restart one or more times.
  4. Now choose a password before encryption takes place. You’ll need to enter this password every time you use your PC. You can enter passwords manually or via a USB drive.
  5. The next step in the process is choosing a recovery key. The Recovery Key is an added layer of security and access, and a requirement if you forget your PIN (password).
  6. Decide how much of your drive you want to encrypt. Generally, you’ll have two choices, “used disk space only” and “whole drive”.
  7. Choose “New encryption mode” for fixed drives or “Compatible mode” for removable drives.
  8. Finally, click on “Start encrypting”.
  9. Restart your computer, enter your password and the encryption process is complete.
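
Encryption continues in the background after the restart, so it is worth confirming that the drive is fully encrypted and that protection is switched on. The check below is an added example, not part of the original article; Get-BitLockerHealth is a made-up function name, while Get-BitLockerVolume is the built-in cmdlet it relies on.

```powershell
# Added example: read-only status check. Run in an elevated PowerShell session.
function Get-BitLockerHealth {
    param([string]$MountPoint = $env:SystemDrive)

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    # Names of the unlock methods configured on the volume; key values are not read.
    $types = @($vol.KeyProtector | Where-Object { $_ } |
               ForEach-Object { "$($_.KeyProtectorType)" })

    $problems = @()
    if ("$($vol.VolumeStatus)" -ne 'FullyEncrypted') {
        # Covers EncryptionInProgress, EncryptionPaused and FullyDecrypted.
        $problems += "Encryption not finished: $($vol.VolumeStatus), $($vol.EncryptionPercentage)% done"
    }
    if ("$($vol.ProtectionStatus)" -ne 'On') {
        $problems += 'Protection is off or suspended'
    }
    if ($types -notcontains 'RecoveryPassword') {
        $problems += 'No recovery password protector: there is no Recovery Key to fall back on'
    }

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = "$($vol.VolumeStatus)"
        ProtectionStatus = "$($vol.ProtectionStatus)"
        EncryptionMethod = "$($vol.EncryptionMethod)"   # e.g. XtsAes128 or XtsAes256
        PercentEncrypted = $vol.EncryptionPercentage
        ProtectorTypes   = $types -join ', '
        Problems         = $problems
    }
}

$health = Get-BitLockerHealth
$health | Format-List

if ($health.Problems.Count -eq 0) {
    Write-Output 'Drive is fully encrypted, protected, and has a recovery password.'
} else {
    $health.Problems | ForEach-Object { Write-Warning $_ }
}
```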

Running BitLocker without TPM

You need to make modifications to the Group Policy Editor to run BitLocker without TPM. Here’s the process:

  1. Open the Run dialog box, type in gpedit.msc and hit Enter.
  2. In the User Account Control prompt, click Yes.
  3. Navigate to “Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives” in the Group Policy Editor.
  4. Double click Require additional authentication at startup and select Enabled.
  5. Check the box for Allow BitLocker without a compatible TPM. This requires a startup key on a USB drive or a password.
  6. Click Apply and OK to save the changes.

Now, you’ll need to access the Control Panel to complete the BitLocker setup procedure. Follow these steps:

  1. Click on Turn on BitLocker and then click Next in the following two dialog boxes.
  2. Hit Restart now and then click Next.
  3. The system will now prompt you to choose an encryption method. Choose between Insert a USB flash drive or Enter a password. Make your selection and click Next.
  4. Select how you want to back up your recovery key and click Next.
  5. Now choose whether to encrypt the entire drive or only used disk space and then click on Start encryption.
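
Once both sets of steps are done, you can confirm that the Group Policy change took effect and that the drive really has a password or USB startup key in place of the TPM. This is an added example, not part of the original article; Test-TpmlessBitLockerSetup is a made-up name, and the registry location and value names are the ones this policy is normally stored under, included here as an assumption to verify on your own system.

```powershell
# Added example: read-only audit. Run in an elevated PowerShell session.
function Test-TpmlessBitLockerSetup {
    # Assumption: the "Require additional authentication at startup" policy is stored here.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

    $vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $types = @($vol.KeyProtector | Where-Object { $_ } |
               ForEach-Object { "$($_.KeyProtectorType)" })

    [pscustomobject]@{
        # 1 = policy set to Enabled (step 4 of the Group Policy list)
        RequireAdditionalAuth = ($policy.UseAdvancedStartup -eq 1)
        # 1 = "Allow BitLocker without a compatible TPM" ticked (step 5)
        AllowWithoutTpm       = ($policy.EnableBDEWithNoTPM -eq 1)
        ProtectorTypes        = $types -join ', '
        # Password = typed at startup; ExternalKey = startup key file on a USB drive
        HasStartupSecret      = [bool]($types | Where-Object { $_ -in 'Password', 'ExternalKey' })
        HasRecoveryPassword   = ($types -contains 'RecoveryPassword')
        ProtectionStatus      = "$($vol.ProtectionStatus)"
    }
}

$audit = Test-TpmlessBitLockerSetup
$audit | Format-List

if (-not ($audit.RequireAdditionalAuth -and $audit.AllowWithoutTpm)) {
    Write-Warning 'Policy not applied: repeat the Group Policy steps, then run gpupdate /force.'
}
if (-not $audit.HasStartupSecret) {
    Write-Warning 'No password or USB startup key is configured on the Windows drive.'
}
if (-not $audit.HasRecoveryPassword) {
    Write-Warning 'No recovery password exists: back up a Recovery Key before relying on this drive.'
}
```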

The importance of the Recovery Key

When you enable BitLocker, you’ll receive a unique 48-digit numerical password. This is your Recovery Key. If for any reason you have difficulty accessing your encrypted drive, or there are issues with your password, you can use your Recovery Key to access your PC and its files.

It’s vital that you keep your Recovery Key safe. If you lose it and cannot access your computer for any reason, you won’t be able to log back in.

Best practices for Recovery Key management

While you’ll want access to your Recovery Key, you won’t want anyone else to know what it is. Therefore, you need to come up with options where you can access it, but no one else can.

One option is to write or print out the Recovery Key on a piece of paper and store it in a safe or strong box. There are also secure digital storage options, such as storing your Recovery Key in the cloud, or in a password manager such as 1Password.
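
A hand-copied Recovery Key with one wrong digit is as useless as a lost one, so check your copy before you file it away. The 48 digits are arranged as eight groups of six, and each group is a multiple of 11 below 720896, which lets most copying mistakes be caught without touching the encrypted drive. The function below is an added example, not part of the original article; Test-RecoveryKeyFormat is a made-up name and the sample keys are constructed for the demonstration, not real keys.

```powershell
# Added example: offline format check for a transcribed Recovery Key.
function Test-RecoveryKeyFormat {
    param([Parameter(Mandatory)][string]$Key)

    $clean = $Key.Trim()
    # Eight groups of six digits separated by hyphens = 48 digits.
    if ($clean -notmatch '^\d{6}(-\d{6}){7}$') {
        return [pscustomobject]@{ Valid = $false; Reason = 'Expected 8 groups of 6 digits separated by hyphens' }
    }

    $index = 0
    foreach ($group in $clean.Split('-')) {
        $index++
        $value = [int]$group
        # Each group encodes a 16-bit number multiplied by 11, so a typo
        # almost always breaks divisibility by 11.
        if ($value % 11 -ne 0) {
            return [pscustomobject]@{ Valid = $false; Reason = "Group $index is not a multiple of 11: likely a copying error" }
        }
        if ($value -ge 720896) {
            return [pscustomobject]@{ Valid = $false; Reason = "Group $index is out of range" }
        }
    }
    [pscustomobject]@{ Valid = $true; Reason = 'Format and check digits are consistent' }
}

# Constructed sample keys (not real): the second has two digits swapped in group 7.
$samples = @(
    '111111-222222-333333-444444-555555-666666-123453-000000',
    '111111-222222-333333-444444-555555-666666-123435-000000'
)
foreach ($s in $samples) {
    $result = Test-RecoveryKeyFormat -Key $s
    '{0}  Valid={1}  {2}' -f $s, $result.Valid, $result.Reason
}
```

A key that passes this check is well formed, but only matching it against the key ID shown on the BitLocker recovery screen proves it belongs to your drive.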

Need help setting up BitLocker or troubleshooting related issues?

At Computer Cures, we offer quality PC repair services for home and business users. If you want to set up BitLocker on your PC but don’t feel confident doing it yourself, our expert team can set it up for you. Also, if you encounter any issues with BitLocker, we can troubleshoot them. Contact us today for all your computer service and repair requirements.
