BitLocker Device Encryption Beginning in Windows 8.1, Windows automatically enables BitLocker Device Encryption on devices that support Modern Standby. With Windows 10, Microsoft offers BitLocker Device Encryption support on a much broader range of devices, including those that are Modern Standby, and devices that run Windows 10 Home edition. If you want to use standard BitLocker encryption instead, it's available on supported devices running Windows 10 Pro, Enterprise, or Education. Some devices have both types of encryption. For example, a Surface Pro which runs Windows 10 Pro has both the simplified device encryption experience, and the full BitLocker management controls.
- Windows 10 Device Encryption Vs Bitlocker Download
- Install Bitlocker Windows 10 Home
- Windows 10 Device Encryption Bitlocker
- Bitlocker Not Showing Up In Windows 10
- Windows 10 Device Encryption Vs Bitlocker Windows 7
- Windows 10 Device Encryption Vs Bitlocker Pro
- Windows 10 Home Device Encryption Vs Bitlocker
When you store sensitive data on your computer, it's crucial that you take the necessary steps to protect that data (especially if you use a laptop or tablet). This is not just to stop the NSA from accessing your files, but it's more about preventing your private data from falling into the wrong hands in the slightly change you lose your device, or it gets stolen.
On way you can protect your data is by using encryption. Briefly, encryption is basically the process of making any type of data unreadable by anyone without proper authorization. If you use encryption to scramble your data, it will continue to be unreadable even after sharing it with other people. In other words, only you with the right encryption key can make the data readable again.
Windows 10 Device Encryption Vs Bitlocker Download
Windows 10, similar to previous versions, includes BitLocker Drive Encryption, a feature that allows you to use encryption on your PC's hard drive and on removable drives to prevent prying eyes from snooping into your sensitive data.
Install Bitlocker Windows 10 Home
In this Windows 10 guide, we'll walk you through the steps to set up BitLocker on your PC to make sure your sensitive data stays secure.
![Windows 10 Device Encryption Vs Bitlocker Windows 10 Device Encryption Vs Bitlocker](/uploads/1/2/6/0/126028079/451246489.jpg)
Things to know before diving into this guide
- BitLocker Drive Encryption is available only on Windows 10 Pro and Windows 10 Enterprise.
- For best results your computer must be equipped with a Trusted Platform Module (TPM) chip. This is a special microchip that enables your device to support advanced security features.
- You can use BitLocker without a TPM chip by using software-based encryption, but it requires some extra steps for additional authentication.
- Your computer's BIOS must support TPM or USB devices during startup. If this isn't the case, you'll need to check your PC manufacturer's support website to get the latest firmware update for your BIOS before trying to set up BitLocker.
- Your PC's hard drive must contain two partitions: a system partition, which contains the necessary files to start Windows, and the partition with the operating system. If your computer doesn't meet the requirements, BitLocker will create them for you. Additionally, the hard drive partitions must be formatted with the NTFS file system.
- The process to encrypt an entire hard drive isn't difficult, but it's time-consuming. Depending the amount of data and size of the drive, it can take a very long time.
- Make sure to keep your computer connected to an uninterrupted power supply throughout the entire process.
Important: While BitLocker is a stable feature on Windows 10, as any significant change you make to your computer has its risks. It's always recommended that you make a full backup of your system before proceeding with this guide.
How to check if your device has a TPM chip
- Use the Windows key + X keyboard shortcut to open the Power User menu and select Device Manager.
- Expand Security devices. If you have a TPM chip, one of the items should read Trusted Platform Module with the version number.
Note: Your computer must have a TPM chip version 1.2 or later to support BitLocker.
Alternatively, you can also check your PC manufacturer's support website to find out if your device includes the security chip, and for instructions to enable the chip in the BIOS (if applicable).
Devices, such as Surface Pro 3, Surface Pro 4, or Surface Book come with the TMP chip to support BitLocker encryption.
How to ensure you can turn on BitLocker without TPM
If your computer doesn't include a Trusted Platform Module chip, you won't be able to turn on BitLocker on Windows 10. In this is your case, you can still use encryption, but you'll need to use the Local Group Policy Editor to enable additional authentication at startup.
Windows 10 Device Encryption Bitlocker
- Use the Windows key + R keyboard shortcut to open the Run command, type gpedit.msc, and click OK.
- Under Computer Configuration, expand Administrative Templates.
- Expand Windows Components.
- Expand BitLocker Drive Encryption and Operating System Drives.
- On the right side, double-click Require additional authentication at startup.
- Select Enabled.
- Make sure to check the 'Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)' option.
- Click OK to complete this process.
How to turn on BitLocker on the Operating system drive
Once you made sure BitLocker can be properly enabled on your computer, follow these steps:
- Use the Windows key + X keyboard shortcut to open the Power User menu and select Control Panel.
- Click System and Security.
- Click BitLocker Drive Encryption.
- Under BitLocker Drive Encryption, click Turn on BitLocker.
- Choose how you want to unlock your drive during startup: Insert a USB flash drive or Enter a password. For the purpose of the guide, select Enter a password to continue.
- Enter a password that you'll use every time you boot Windows 10 to unlock the drive, and click Next to continue. (Make sure to create a strong password mixing uppercase, lowercase, numbers, and symbols.)
- You will be given the choices to save a recovery key to regain access to your files in case you forget your password. Options include:
- Save to your Microsoft account
- Save to a USB flash drive
- Save to a file
- Print the recovery
Select the option that is most convenient for you, and save the recovery key in a safe place.Quick Tip: If you trust the cloud, you can choose to save your recovery key in your Microsoft account using the Save to your Microsoft account option. In which case, you can retrieve your encryption key at this location: https://onedrive.live.com/recoverykey. - Click Next to continue.
- Select the encryption option that best suits your scenario:
- Encrypt used disk space only (faster and best for new PCs and drives)
- Encrypt entire drive (slower but best for PCs and drives already in use)
- Choose between the two encryption options:
- New encryption mode (best for fixed drives on this device)
- Compatible mode (best for drives that can be moved from this device)On Windows 10 version 1511, Microsoft introduced support for XTS-AES encryption algorithm. This new encryption method provides additional integrity support and protection against new attacks that use manipulating cipher text to cause predictable modifications in clear text. BitLocker supports 128-bit and 256-bit XTS AES keys.
- Click Next to continue.
- Make sure to check the Run BitLocker system check option, and click Continue.
- Finally, restart your computer to begin the encryption process.
- On reboot, BitLocker will prompt you to enter your encryption password to unlock the drive. Type the password and press Enter.
After rebooting, you'll notice that your computer will quickly boot to the Windows 10 desktop. However, if you go to Control Panel > System and Security > BitLocker Drive Encryption, you'll see that BitLocker is still encrypting your drive. Depending on the option you selected and the size of the drive, this process can take a long time, but you'll still be able to work on your computer.
Once the encryption process completes, the drive level should read BitLocker on.
You can verify that BitLocker is turned on by the lock icon on the drive when you open This PC on File Explorer.
BitLocker Drive Encryption options
When BitLocker is enabled on your main hard drive, you'll get a few additional options, including:
- Suspend protection: When you're suspending protection your data won't be protected. Typically, you would use this option when applying a new operating system, firmware, or hardware upgrade. If you don't resume the encryption protection, BitLocker will resume automatically during the next reboot.
- Back up your recovery key: If you lose your recovery key, and you're still signed into your account, you can use this option to create a new backup of the key with the options mentioned on step 6.
- Change password: You can use this option to create a new encryption password, but you'll still need to supply the current password to make the change.
- Remove password: You can't use BitLocker without a form of authentication. You can remove a password only when you configure a new method of authentication.
- Turn off BitLocker: In the case, you no longer need encryption on your computer, BitLocker provides a way to decrypt all your files. However, make sure to understand that after turning off BitLocker your sensitive data will no longer be protected. In addition, decryption may take a long time to complete its process depending on the size of the drive, but you can still use your computer.
How to turn on BitLocker To Go
BitLocker is not an encryption feature that you can enable globally on every drive connected to your computer at once. It has two part: you can use BitLocker Drive Encryption to encrypt your sensitive data on the main hard drive of your PC, and then you can use BitLocker To Go. This last feature will help you to use encryption on remove drives and secondary hard drives connected to your computer.
To turn on BitLocker To Go on a removable drive do the following:
- Connect the drive you want to use with BitLocker.
- Use the Windows key + X keyboard shortcut to open the Power User menu and select Control Panel.
- Click System and Security.
- Click BitLocker Drive Encryption.
- Under BitLocker To Go, expand the drive you want to encrypt.
- Click the Turn on BitLocker link.
- Check the Use a password to unlock the drive option, and create a password to unlock the drive. (Make sure to create a strong password mixing uppercase, lowercase, numbers, and symbols.)
- Click Next to continue.
- You will be given the choices to save a recovery key to regain access to your files in case you forget your password. Options include:
- Save to your Microsoft account
- Save to a file
- Print the recovery
Select the option that is most convenient for you, and click Next. - Choose the encryption option that best suits your scenario:
- Encrypt used disk space only (faster and best for new PCs and drives)
- Encrypt entire drive (slower but best for PCs and drives already in use)
- Select between the two encryption options:
- New encryption mode (best for fixed drives on this device)
- Compatible mode (best for drives that can be moved from this device)In this step is recommended that you select the 'Compatible mode,' as it will ensure you can unlock the drive if you move it to another computer running a previous version of the operating system.
- Click Start encrypting to finish the process.
When encrypting a storage try to start with an empty removable media, as it'll speed up the process, then new data will encrypt automatically.
In addition, similar to BitLocker Drive Encryption, you will get the same additional options using BitLocker To Go, plus a few more, including:
- Add smart card: This option will allow you to configure a smart card to unlock the removable drive.
- Turn on auto-unlock: Instead of having to type a password every time you re-connect the removable drive, you can enable auto-unlock to access your encrypted data without entering a password.
Quick access to manage your BitLocker drive
Whether you turn on BitLocker for your system hard drive or removable drive, you can always get quick access to the BitLocker settings for a particular drive using the following steps:
- Use the Windows key + E keyboard shortcut to open File Explorer.
- Click This PC from the left pane.
- Right-click the encrypted drive and select Manage BitLocker.
Wrapping things up
While Microsoft only includes BitLocker on Windows 10 Pro and Enterprise, this is one of those features that should be standard in every edition, including on Windows 10 Home. Even more, considering that we continue to move into a digital world, where every day, we're creating more sensitive data on our computers than ever before, and data encryption is crucial to protect our data from prying eyes.
It's worth pointing out that enabling data encryption may slightly slow down the performance of your device due to the encryption process that will continue to run in the background. However, it's a feature worth using to keep your sensitive data secure.
Do you use data encryption on your computer? Tell us in the comments below.
More Windows 10 resources
For more help articles, coverage, and answers on Windows 10, you can visit the following resources:
We may earn a commission for purchases using our links. Learn more.
When you really need to keep your files safe and secure, you need encryption. We’ve covered the basics before, and even rounded up your favorite encryption tools, but today we’re putting two of the most popular options for Windows head to head to see which one is the best at keeping your sensitive data safe.
The Contenders
Choosing two encryption tools for this comparison wasn’t easy. Should we consider two similar tools, or two of the most often-used tools? We opted for the latter in this case, and decided to focus on Windows, since—beyond it being the most popular OS in use—it lets us narrow our focus to the two big apps most people would actually choose from, even if there are tons of options with different features available. Don’t worry, if your favorite encryption app or platform isn’t included here, we’ll get to you soon. Now, with that said, let’s take a look at our two big contenders:
- Bitlocker: Microsoft’s own baked-in encryption tool is very popular, partially because it’s effective and built-in to the OS you’re already using (assuming you’re using Windows 7 Ultimate or Enterprise, Windows 8 Pro or Enterprise, or Windows 10 Pro or Enterprise.) Bitlocker supports AES encryption, and while it’s primarily used for whole-disk encryption to lock down your entire computer and not just specific files, it also supports encrypting other volumes or a virtual drive that can be opened and accessed like any other drive on your computer. If you’re looking to encrypt specific data and not everything on your PC, that’s the way to go. When I asked publicly what encryption tools people were using, Bitlocker made more than a few appearances.
- VeraCrypt: Free, open-source (mostly,) and cross-platform, VeraCrypt can handle almost anything you throw at it. It’s a fork of TrueCrypt, which melted down and ceased development back in 2014, but since then it’s been updated, improved its own security, and gotten a lot faster. VeraCrypt supports AES, TwoFish, and Serpent encryption ciphers, and supports the creation of hidden, encrypted volumes within other volumes. VeraCrypt also supports full-disk encryption, including system disks. This makes the tool flexible enough to do both on-the-fly file and volume encryption to keep specific files and data safe, or to encrypt entire systems so they’re only accessed by authorized users. It also doesn’t hurt that VeraCrypt is fast, free, and available on just about any computer you may need it—or your encrypted data—on.
Advertisement
Both options are solid, and you absolutely could (and, if you’re serious, should) use both. We’ll get into the nitty gritty in a moment, but Bitlocker is great for seamless, don’t-even-know-it’s-happening full disk encryption, and VeraCrypt is excellent at encrypting volumes, drives, containers, or specific files for storage or on-the-fly security. If we had to make an early recommendation, we’d say use both that way.
Bitlocker Not Showing Up In Windows 10
Still, Bitlocker and VeraCrypt are very different tools, and who each one will be best for depends heavily on the type of user you are, and what you have access to. Let’s run down some of the big differences.
![Bitlocker drive encryption windows 10 Bitlocker drive encryption windows 10](/uploads/1/2/6/0/126028079/588189243.png)
VeraCrypt Wins on Availability
Advertisement
The biggest difference between VeraCrypt and Bitlocker is the most obvious one: Who can actually use it.
Not everyone has access to the Pro or Enterprise versions of Windows, which makes Bitlocker a non-starter for a lot of people. If you’re running Windows 7, 8, or 10 Home, you can’t even think about using Bitlocker unless you uplift to Pro. While we generally prefer the Pro versions ourselves, if you went out and bought a computer today, you’d probably get something with the Home version of Windows installed. On that front, VeraCrypt is a clear winner, since it’s available to anyone on any version of Windows (and of course, on other OSes.)
Advertisement
Similarly, the fact that a Trusted Platform Module (TPM) cryptoprocessor is required to use Bitlocker with your computer (or jump through a bunch of hoops to set it up otherwise) further narrows the field a bit—but not much. TPM uses hardware to integrate encryption keys into your device, and makes encryption and decryption transparent to you. It also has its own issues, more on that later.
Advertisement
Of course, most modern computers support TPM and have one installed, and if you’re a PC builder, you’re probably going to get a motherboard that has one too, whether you plan to or not. People with older hardware may have more difficulty, but anyone with modern devices will be fine—but it’s still a constraint VeraCrypt users won’t have to worry about on any platform, and it’s also something that keeps Bitlocker from adoption beyond Windows, not that Microsoft is terribly concerned with security beyond its own operating system.
Bitlocker Is Easier to Use, but It’s Not Like VeraCrypt Is Difficult
Advertisement
When it comes to ease of use, things are a little more contentious. As with any security product, the fastest way to get people to adopt your tool is to make it either on by default or so easy to enable that people will flip a switch and not think about it again. To that point, using Bitlocker to encrypt your whole hard drive is as easy as opening its Control Panel and enabling it.
To that point, full-disk encryption is the easiest way to secure all of your data. This means if your laptop is stolen or lost somewhere with sensitive data on it, and even if the drive is removed, you can trust that whoever ends up with it may get your hardware, but they won’t get your software and data, and you don’t have to manage containers to protect your files. Bitlocker excels at this, which is the reason so many businesses enable it by default. If you’re a power user, you can go further and encrypt partitions and additional volumes, or just turn it on for simple full-disk encryption while you use something else for specific files and folders.
Advertisement
All that said, it’s not like VeraCrypt is hard to use. You do have to install it and set it up—but that barrier is enough to keep some away from it, especially non-tech savvy, non-tinkerers. Using it for full-disk encryption is not a difficult process, but it is more involved than toggling a checkbox. You’ll need to make a recovery disk in case everything goes south, but you’ll also get the benefit of creating a decoy operating system so if you have to decrypt, you can decrypt the OS but not your data. It’s an example of the trend here: VeraCrypt is powerful, but you do need to be willing to dive in and really use it, and comfortable with a little more than turnkey effort.
VeraCrypt Wins on Security
Windows 10 Device Encryption Vs Bitlocker Windows 7
Advertisement
An encryption tool is only as good as the security it provides, and while VeraCrypt isn’t perfect, it’s definitely more robust than Bitlocker. Most users probably won’t notice the difference, but it is important to point out there’s a gap between them.
Windows 10 Device Encryption Vs Bitlocker Pro
VeraCrypt supports more encryption methods and types than Bitlocker does, stronger keys, a better encryption and decryption method (CBC vs XTS, although neither are perfect), and of course, is open source and open to audit. That’s something Microsoft likely would never allow, since Bitlocker is a proprietary product (and we all know how well security through obscurity works.) Best of all, the developers behind VeraCrypt took the results from TrueCrypt’s security audit and used their notes to improve their own product (and have begun to edge out closed TrueCrypt code from their own product.)
Windows 10 Home Device Encryption Vs Bitlocker
Advertisement
Like we mentioned though, VeraCrypt isn’t perfect. The Security Concerns section of its Wikipedia article sums up most of the big ones (although many of those, especially malware and other physical access concerns, also apply to Bitlocker) and are worth considering if you’re debating the two based on security. Plus, while VeraCrypt’s developers have worked to resolve many of the issues brought up in TrueCrypt’s audit, VeraCrypt has yet to go through its own full audit (although we hope it’ll begin later this summer.)
For its part, Bitlocker is no slouch. It’s not like it’s weak—it’s just not as robust. Bitlocker keeps things simple (largely to boost adoption), and doesn’t bog itself down with power-user features that, depending on who you are, you need or want to see to take the tool seriously. Its AES (128 and 256-bit) encryption is strong enough for the vast majority of people worried about losing their sensitive data in the back of a cab or someone snooping around their system—but if you actually have an intelligent adversary who wants your data, you’re not vulnerable per se, but you may want to strengthen your hand a bit.
Advertisement
The big—and still contentious, even today—issue around Bitlocker is whether or not Microsoft has backdoored the encryption software to make it easier for law enforcement and government agencies to access encrypted data. There’s no way we can settle that debate here, and it came up the last time we discussed Bitlocker. To be fair, most people won’t have an adversary like the NSA on their tails, so it won’t really matter, but we’ve already established that any backdoor—if it exists—is a bad one, because the door doesn’t care whether it’s the “good guys” or the “bad guys” (or the “bad good guys”) using it. Still, there’s no hard evidence—just a lot of suspicion, conjecture, and debate—that Bitlocker is backdoored, but there are more than a few good reasons to trust open source software over closed source, proprietary stuff anyway.
What You Should Know About Congress's Latest Attempt to Criminalize Encryption
A new draft bill in Congress will force tech companies to undermine or break their own security…
Read more ReadAdvertisement
Then there’s the question of whether or not TPM is secure. The developers of VeraCrypt (and a number of other open source security tools) refuse to support TPM, for good reason. TPM has been compromised before, although it required incredible effort to do so, but the truth is it’s good at one thing, but it’s not very good at protecting the system from malware or other attack vectors that could grant an intruder access to sensitive data.
At the end of the day, both products are strong, but VeraCrypt is just stronger and more flexible, even if it’s not turnkey. The average user won’t even notice the difference, and the fact that VeraCrypt is stronger shouldn’t keep you from using Bitlocker (just configure it properly) if you want a seamless, transparent full-disk encryption option.
Advertisement
The Verdict: VeraCrypt Is Stronger and More Powerful, but Use Bitlocker Too
Bottom line: Unless you’re planning to also use VeraCrypt for full-disk encryption, these two tools actually fit together better than they replace each other. Use Bitlocker for simple, full-disk encryption at the push of a button. Then fire up VeraCrypt and make some encrypted containers, hidden volumes, and leverage use all of the great benefits of the app. If you don’t want full disk encryption but do want to encrypt and decrypt specific files or containers, VeraCrypt is your best, fastest, most flexible bet.
Advertisement
If you’re a power user, or you don’t trust Microsoft (but you’re still using Windows), you could ditch Bitlocker entirely and go with VeraCrypt for everything, that’s fine too. The bar is a little higher for you when it comes to setup and configuration, but not so high it’s difficult to get over.
Either way, whatever you use, use something. Encryption is easier to embrace now than it’s ever been.
Advertisement
Image by JohnWilliamDoe.
Advertisement