Jul 29 2015

Encryption for Everyone – Part 2 Windows

In part 2 of our blog series on encryption we will focus on those who are running Windows.  BitLocker is fairly easy to set up and will keep your data-at-rest safe while your computer is powered down.

What is BitLocker?

BitLocker is Microsoft’s easy-to-use, proprietary encryption program for Windows that can encrypt your entire hard drive(s) as well as protect against unauthorized changes to your system such as firmware-level malware.

System requirements

To run BitLocker you need a Windows PC running Windows 7, 8.1, or 10, and for this tutorial also a motherboard with a Trusted Platform Module (TPM).

A TPM is a chip that runs authentication checks on your hardware, software, and firmware. If the TPM detects an unauthorized change, your PC will boot in a restricted mode.

If you don’t know whether your computer has a TPM chip, don’t worry. BitLocker will run a system check when you start it up. If it turns out you do not have a TPM chip, please read part 3 (coming soon!) of this blog, which details how to use a USB drive as an alternative to a TPM chip.


Why should you use BitLocker?

Anyone looking to add another level of protection should keep their data at rest secure and encrypted. This means that when your machine is powered down, no one can boot it up and access your personal data without first decrypting it, which can only be achieved by entering the correct password or recovery key (which we will address shortly). Login passwords do no good if anyone can load another OS from a USB drive, so encryption is essential.

If you have a laptop, this level of protection is extremely important.  Due to their portability they are very easy targets to steal when your eyes are not on them.  Those who travel for business or pleasure should most definitely have their data encrypted and protected from falling into the wrong hands.


Steps to enable BitLocker encryption

The first thing you’ll need to do is load the Control Panel.

When the Control Panel opens, type BitLocker into the search box in the upper right corner and press Enter.

Next, click Manage BitLocker, and on the next screen click Turn on BitLocker.

Now BitLocker will check your PC’s configuration to make sure your device supports Microsoft’s encryption method.



If you see the below message it means Windows was unable to locate a TPM chip on your motherboard.

[Screenshot: BitLocker No TPM]

No worries!  It just means you will have to set up Windows encryption using Part 3 of our blog series.



To activate your TPM chip, Windows has to be shut down. You will then have to manually turn your PC back on.
After the shutdown and power up, your computer should boot back up, and once you log in again you’ll see the BitLocker window.



You should see a window with a green check mark next to “Turn on the TPM security hardware.” When you’re ready, click Next.

Before you encrypt your drive, you need to save a recovery key in case you have problems unlocking your PC. Windows gives you three choices for saving this key in Windows 8.1: save the file to your Microsoft account, save to a file, or print the recovery key. You are able to choose as many of these options as you like, and you should choose at least two.

After hitting Next, you will be met with the following option:


If you are encrypting a new PC without any files, then the option to encrypt only the used disk space is best, as new files will be encrypted as they’re added. Otherwise, you should choose to encrypt the entire drive and hit Next.

You should then see an alert balloon in the system tray alerting you that encryption will begin after you restart the PC. Restart your PC.



After the final restart you should see a window displaying the status of the encryption process.


You can continue to work on your PC during the encryption process, but things may work a little slower than usual.

The length of time it takes to encrypt your files depends on how much data you’re encrypting, but it will most likely take several hours, so plan accordingly. After all those steps, your drive will be encrypted and your data at rest (when the device is powered off) will be protected.
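
Once the steps above are finished, the result can be checked from the command line. The following is an added example, not part of the original post: it assumes an elevated PowerShell prompt on Windows 8.1 or 10 (where the Get-Tpm and Get-BitLockerVolume cmdlets are available), and Test-BitLockerSetup is a name made up for this example.

```powershell
# Added example: verify the outcome of the BitLocker setup described above.
# Assumes an elevated PowerShell prompt on Windows 8.1 or 10.
# Test-BitLockerSetup is a hypothetical helper name, not a built-in cmdlet.
function Test-BitLockerSetup {
    param([string]$MountPoint = $env:SystemDrive)

    $findings = @()

    # 1. TPM: this tutorial relies on a TPM that is present and ready for use.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent)   { $findings += 'No TPM detected' }
    elseif (-not $tpm.TpmReady) { $findings += 'TPM present but not ready' }

    # 2. Volume state: encryption has finished and protection is switched on.
    #    While encryption is still running, both checks are expected to fail.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "Volume is $($vol.VolumeStatus) ($($vol.EncryptionPercentage)% encrypted)"
    }
    if ($vol.ProtectionStatus -ne 'On') {
        $findings += 'Protection status is not On (off or suspended)'
    }

    # 3. Key protectors: expect the TPM plus the recovery key saved in the wizard,
    #    which PowerShell reports as a RecoveryPassword protector.
    $types = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
    foreach ($required in 'Tpm', 'RecoveryPassword') {
        if ($types -notcontains $required) {
            $findings += "Missing key protector: $required"
        }
    }

    # Return one summary object so the result can be logged or filtered.
    [pscustomobject]@{
        MountPoint   = $vol.MountPoint
        VolumeStatus = $vol.VolumeStatus
        Protection   = $vol.ProtectionStatus
        Protectors   = $types -join ', '
        Findings     = $findings
        Pass         = ($findings.Count -eq 0)
    }
}

Test-BitLockerSetup | Format-List
```

The check only confirms that a recovery key protector exists on the drive; it cannot tell whether the copy you saved or printed is still accessible.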