Windows 10 Full Disk Encryption

Windows 10 will automatically encrypt the storage on modern PC with BitLocker. Enable Full Disk Encryption will help protect your files in case someone steals your laptop and tries to get at them, but it has important ramifications for data recovery.

Simply locking your PC with a password isn’t enough, as hackers can still find ways to bypass the lock screen. The good news is that you can still protect your information on Windows 10 by using BitLocker drive encryption. Windows BitLocker Drive Encryption is a new security feature that provides better data protection for your computer, by encrypting all data stored on the Windows operating system volume.

How Disk Encryption Works

The goal of disk encryption is to make it so that if someone who isn’t you has access to your computer they won’t be able to access any of your files, but instead will only see scrambled, useless ciphertext.

Most disk encryption works like this. When you first power your computer on, before your operating system can even boot up, you must unlock your disk by supplying the correct encryption key. The files that make up your operating system are on your encrypted disk, after all, so there’s no way for your computer to work with them until the disk is unlocked.

In most cases, typing your passphrase doesn’t unlock the whole disk, it unlocks an encryption key, which in turn unlocks everything on the disk. This indirection allows you to change your passphrase without having to re-encrypt your disk with a new key, and also makes it possible to have multiple passphrases that can unlock the disk, for example if you add another user account to your laptop.

Encrypt your hard drives in Windows 10

BitLocker can be be used to secure both internal and external hard-drives. It doesn’t only function after signing in to Windows, it can also determine if a security threat is present during the boot up process, so you’re fully covered.

  1. To set up BitLocker Drive Encryption, hit Start, type BitLocker, then click Manage BitLocker.
  2. Select the drive that you want to encrypt, and click Turn on BitLocker.
  3. Select how you want to unlock the drive, either by password or by smartcard.
  4. Choose where you want to save the recovery key in case you forget your password.
  5. Choose whether you want to encrypt the entire drive, or only the used space. This will determine how fast your drive works when encrypted.

Once you click start encrypting, Windows will work on securing your drive. Once complete, only those with the password will be able to access the drive. When plugging the drive into another computer, say at school or work, Windows will ask for its password before unlocking it. You’ll be pleased to know that it’s not limited to Windows 10, a password will still be required even on older computers dating back to Windows XP!

If BitLocker isn’t supported in your version of Windows, you can choose to upgrade to a version of Windows that is supported by buying a license (open Control Panel, System and Security, System, and click “Get more features with a new edition of Windows”). You can also choose to use different full disk encryption software, such as the open source program DiskCryptor.