BitLocker is a partition-level encryption solution that comes with Windows 8.1 Pro. It works better on a computer equipped with TPM chip, a dedicated component designed to secure hardware by integrating cryptography keys into devices because all encryption/decryption work all seamlessly and transparently to the end users. Once it’s on, it’s always working without users even knowing it. No extra password needed.
But if you don’t have a computer that has TPM, you can still use BitLocker to secure your computer. This post provides a detailed step-by-step instruction to show you how.
Table of Contents
You need Windows 8.1 Pro edition
First of all, make sure you have Windows 8.1 Pro installed as it’s the required operating system that comes with BitLocker. If you have only Windows 8 running, you will need to upgrade to 8.1 Pro first.
Enable an extra Group Policy setting
Press Win+R, type “gpedit.msc”, and press Enter to launch Local Group Policy Editor.
Go to Computer Configuration → Administrative Templates → Windows Components → BitLocker Drive Encryption → Operating System Drives, double-click option “Require additional authentication at startup”
Then, select Enabled radio button, and check option “Allow BitLocker without a TPM“. OK to save the change.
Close Group Policy Editor and move to next step.
Turning on BitLocker
Open Windows Explorer, right-click your C drive, and click Turn on BitLocker.
Select “Enter a Password” when prompted how to unlock your drive at startup.
Type a strong password at next screen, and go to Next.
Pick one of 3 options to back up your recovery key. Use a USB flash drive is the easier if you have one around. The USB flash drive that has your recovery key on it is not required to boot the encrypted system. It’s purely for recovery purpose.
Choose one of 2 options to how you want to encrypt your drive, encrypt used space only or entire disk. It doesn’t really matter which way to go with. I always choose to encrypt used disk space as it’s much faster.
Continue on to finish the rest steps, and reboot your computer once done.
Then enter the encryption password created above. If you successfully get into your Windows, you are all set. The encryption process will start automatically after it gets to the desktop.
That’s it. Your computer is now fully protected by BitLocker encryption. Note that the key to this process is the complicity of the password you choose when turning on BitLocker on your system drive. The more complicate the password is, the more secure your computer is under the protection of BitLocker. I would recommend using a password phrase instead of a strong but hard-to-remember password, such as a quote from one of your favorite movies.