In this article, we will talk about one of the most effective and powerful encryption mechanisms available on Windows systems. BitLocker is a feature that encrypts the data on your hard drive so that it becomes practically impenetrable to hackers. This means that even if your portable device falls into the wrong hands, the data is protected and cannot be read without the unlock password. I will show you how to activate and configure BitLocker on a Windows 8 operating system. Note that the same settings apply to previous versions of Windows that support BitLocker.
To configure BitLocker you have to navigate to Control Panel\System and Security\BitLocker Drive Encryption. On my laptop I have two drives: the OS and Data partitions. The Operating System partition is already encrypted with BitLocker:
The Trusted Platform Module (TPM) is a hardware chip built into portable devices. The TPM is used to secure the BitLocker encryption key. If your laptop has a TPM installed, check the system BIOS for TPM settings. By default, if a device is not equipped with a TPM chip, BitLocker cannot be enabled. If you don't know whether the device is equipped with a TPM, check the BIOS or the TPM Administration menu from the BitLocker Drive Encryption menu. My laptop does not contain a TPM chip, so this is the message shown in the TPM Administration section:
You can still use BitLocker on a laptop that does not contain a TPM chip by enabling a local group policy. Open the Local Group Policy Editor (gpedit.msc from the Run prompt), navigate to Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption/Operating System Drives, and enable the Require additional authentication on startup policy:
If you enable this feature you can use BitLocker on your laptop, but the TPM module will not be used to secure the encryption key. Two authentication options are available after enabling this feature: a startup password, or a smart card with a PIN code. I prefer using a startup password, so I will show you how to configure it. From the BitLocker Drive Encryption window, select the partition that you want to encrypt and click on Turn on BitLocker:
Now check the Use a password to unlock this device option, enter the desired password, and press Next:
The OS will prompt you to save the recovery key on an external device. The recovery key is used to unlock the hard drive if you forget the password or lose the smart card. There are four options available: Save to your Microsoft account, Save to USB flash drive, Save to file and Print the recovery key. Choose the option that suits you best and then click Next:
In the following window you have to select how much of the drive will be encrypted with BitLocker. If you are enabling this feature on a brand new hard drive, select the first method; otherwise select the second one. The OS will then inform you that the operation will take some time, depending on your hard drive's storage capacity and the amount of data written to the storage device. After a system reboot, BitLocker will start encrypting your data:
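A read-only check of the result of the steps above, as an added example that is not part of the original article: it reports whether a TPM is present, whether the group policy from the Local Group Policy Editor step is in effect, and which key protectors each volume has. It assumes the Get-Tpm and Get-BitLockerVolume cmdlets that ship with Windows 8 and later, and the registry values UseAdvancedStartup and EnableBDEWithNoTPM in which Windows stores that policy.

```powershell
# Added example (not from the article). Run from an elevated PowerShell prompt.

# 1. TPM state. Without a TPM, the OS drive can only be encrypted if the
#    policy checked in step 2 is enabled.
$tpm = try { Get-Tpm -ErrorAction Stop } catch { $null }
$tpmPresent = [bool]($tpm -and $tpm.TpmPresent)
Write-Output "TPM present: $tpmPresent"

# 2. Policy state. Assumption: the group policy setting is stored under this
#    key as UseAdvancedStartup and EnableBDEWithNoTPM.
$fve = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
$noTpmAllowed = ($fve.UseAdvancedStartup -eq 1) -and ($fve.EnableBDEWithNoTPM -eq 1)
Write-Output "BitLocker without a TPM allowed by policy: $noTpmAllowed"

# 3. Per-volume state: encryption progress and the protectors that can unlock it.
$report = foreach ($v in Get-BitLockerVolume) {
    $types = @($v.KeyProtector | Where-Object { $_ } |
               ForEach-Object { [string]$_.KeyProtectorType })
    [pscustomobject]@{
        Drive       = $v.MountPoint
        Type        = [string]$v.VolumeType
        Status      = [string]$v.VolumeStatus
        Protection  = [string]$v.ProtectionStatus
        Percent     = $v.EncryptionPercentage
        Protectors  = $types -join ', '
        HasRecovery = $types -contains 'RecoveryPassword'
    }
}
$report | Format-Table -AutoSize

# 4. Findings worth acting on.
foreach ($r in $report) {
    if ($r.Protection -ne 'On') {
        # Includes drives that are still encrypting after the reboot.
        Write-Warning "$($r.Drive) protection is $($r.Protection) (status: $($r.Status), $($r.Percent)% encrypted)"
    }
    elseif (-not $r.HasRecovery) {
        # No recovery key was saved: a forgotten password cannot be recovered from.
        Write-Warning "$($r.Drive) has no recovery password protector"
    }
    if ($r.Type -eq 'OperatingSystem' -and -not $tpmPresent -and -not $noTpmAllowed) {
        Write-Warning "$($r.Drive) is the OS drive, no TPM is present, and the no-TPM policy is not enabled"
    }
}
```

A drive that is still encrypting shows up in the first warning until the operation completes.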