I always take my laptop with me when I travel, which means I'll inevitably have to leave it unattended in the hotel room or airport security line. To ensure my personal data is protected if my PC is lost or stolen, I use BitLocker.
BitLocker is a security feature that encrypts your storage drive with a complex key to safeguard it against unauthorized access. If your PC goes missing and someone tries to use the drive on another computer, BitLocker locks them out by requiring the key to decrypt the data.
I've also taken to using BitLocker on my desktop PC at home, even though it should be safe and secure in my home office. You can even apply it to an external drive. Here's how to make sure your files are secure.
BitLocker Requirements
To use BitLocker, you need to be running Windows 10 or 11 Pro, Enterprise, or Education. For Home editions of Windows, there is an alternative security feature called Device encryption, which isn’t as powerful as BitLocker but still provides some protection.
To double-check your version in Windows 11, go to Settings > System > About. Scroll down the screen to the Windows Info section to see which edition is installed.
Set Up BitLocker
To access BitLocker, open Control Panel in icon view and select BitLocker Drive Encryption. Alternatively, start typing BitLocker in the search field and select Manage BitLocker. Assuming BitLocker is turned off, click the Turn on BitLocker link.
The next screen asks how you want to back up your recovery key. This one is a bit tricky—you’re presented with three choices: 1) Save to your Microsoft account; 2) Save to a file; 3) Print the recovery key. Don't know which to pick? Here's what you need to know.
Save to Your Microsoft Account
Saving the key to your Microsoft account is the most convenient option. Then, if you ever need to access the key, sign in to the BitLocker recovery page, where you’ll find the key in plain text next to the name of your computer. Simple, right? Ah, but there's a catch.
Microsoft could share your BitLocker key with law enforcement if it feels the request is valid. This stems from a January 2025 case in which Microsoft handed over a key to the FBI as part of an investigation into alleged unemployment fraud in Guam. A Microsoft spokesperson told Forbes that the company shares encryption keys with federal authorities upon receiving a valid legal order and that it receives around 20 such requests each year. The Guam incident was just the first publicly reported case.
If you don’t plan to pull off any capers that could land you in hot water with the feds, then choose Save to your Microsoft account and click Next to store your BitLocker key in Microsoft’s cloud. This is how I save my keys, but if you're concerned about potential leaks, consider one of the other methods.
Save to a File
If you choose Save to a file, you're prompted to download a text file that holds your recovery key. You can’t save it to your internal storage drive, since it's the one being encrypted. You’ll need to save it to a USB drive or network share and keep the device in a secure location. For that reason, a USB drive stored in a safe is probably your best bet.
Print the Recovery Key
The Print the recovery key option sends the key and the recovery information to your printer. In this case, you’ll want to ensure the printout is stored in a secure location.
Choose How Much of the Drive to Encrypt
The next screen asks if you want to encrypt only the used space on your drive or the entire drive. If you’re setting up BitLocker on a brand new computer, the first option is quicker and should suffice. If you’ve already been using your computer to install software and save files, then choose the second option to encrypt the entire drive. Click Next.
The next screen then prompts you to choose an encryption method, offering you two choices. The new encryption method option is designed for fixed storage drives and supports only Windows 11 and 10. Compatible mode is intended primarily for removable drives you may use with older versions of Windows. Assuming you’re running this on a drive in Windows 11, select New encryption method and click Next.
The final screen confirms that you’re ready to encrypt the drive. Check the Run BitLocker system check box to make sure the recovery and encryption keys can be read correctly, then click the Continue button.
You may then be prompted to restart your computer. Reboot your PC and sign back in to Windows. Return to the BitLocker settings screen, and the status should indicate that your system drive is being encrypted. If you wish, you can resume working in Windows while the encryption runs, though performance may be a bit sluggish until the process is finished.
After encryption completes, the settings screen will indicate that Windows BitLocker is enabled. From this screen, you’re able to suspend the protection, save the recovery key to a different location, or turn off BitLocker completely. Unless you run into performance problems or other issues with BitLocker, you shouldn’t have to suspend it or turn it off.
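To confirm the result from the command line, the following PowerShell audit is an added example (not part of the original article). It assumes an elevated PowerShell session on a Windows edition that includes the built-in BitLocker module, and it reports each volume's encryption state, whether protection is active, and whether a recovery password exists, without ever printing the key itself.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker state on every volume Windows reports.
# Uses only the built-in BitLocker module cmdlet Get-BitLockerVolume.

function Get-BitLockerAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # Collect protector types only (TPM, RecoveryPassword, Password, ...).
        # The recovery password value itself is deliberately never read out.
        $protectorTypes = @($vol.KeyProtector |
            Where-Object { $_ } |
            ForEach-Object { "$($_.KeyProtectorType)" })

        $findings = @()
        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            $findings += "status is $($vol.VolumeStatus) ($($vol.EncryptionPercentage)% encrypted)"
        }
        if ($vol.ProtectionStatus -ne 'On') {
            # Suspended protection leaves the data encrypted but the key exposed on disk.
            $findings += 'protection is off or suspended'
        }
        if ($protectorTypes -notcontains 'RecoveryPassword') {
            $findings += 'no recovery password protector, so nothing to fall back on'
        }

        [pscustomobject]@{
            Drive      = $vol.MountPoint
            Type       = $vol.VolumeType
            # XtsAes128/XtsAes256 = new encryption mode; Aes128/Aes256 = compatible mode
            Method     = $vol.EncryptionMethod
            Protectors = $protectorTypes -join ', '
            Findings   = if ($findings) { $findings -join '; ' } else { 'OK' }
        }
    }
}

Get-BitLockerAudit | Format-Table -AutoSize -Wrap
```

A row with Findings other than OK while encryption is still running is expected; rerun the audit once the settings screen shows encryption has finished.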
Encrypt a USB Drive
If you’re storing sensitive files on an external USB drive, you may want to encrypt that as well. With the drive connected to your PC, open the BitLocker settings screen and go to the Removable data drives section. Select the drive name, then click Turn on BitLocker.
At the next screen, select Use a password to unlock the drive, then enter a (complex and secure) password. You might even consider using a passphrase. Then click Next and choose the location to save the recovery key.
After that, you'll want to encrypt the entire drive, especially if it already contains files. At the next screen, choose Compatibility mode as the encryption technology so that you’re able to use the drive on any PC, including older versions of Windows. At the final screen, click the Start encrypting button.
After the drive is encrypted, the settings screen displays several options. You can back up the recovery key to a different location, change or remove the password, use a smart card instead of a password, turn on auto-unlock, or turn off BitLocker.
Recover an Encrypted Drive
Once BitLocker is enabled, nothing will change on your PC. It will still boot up normally and work as expected. The only time you might ever need to supply the recovery key is if you’re unable to boot due to hardware changes, a security risk, or a glitch with BitLocker. In any of those cases, you’ll turn to the recovery key you have backed up elsewhere. At the BitLocker recovery screen, type the key, and you should then be able to boot up again.
