What is BitLocker Drive Encryption?

Instructor: Martin Gibbs

Martin has 20 years experience in Information Systems and Information Technology, has a PhD in Information Technology Management, and a master's degree in Information Systems Management. He is an adjunct professor of computer science and computer programming.

In this lesson, we will cover BitLocker drive encryption, a feature in Windows products that encrypts drives and protects the machine from unauthorized modifications to startup and system files. Updated: 08/19/2021

BitLocker drive encryption

Take your bits and lock them up!

Secure Your Data!

BitLocker is a security feature added in Windows Vista (and available in every later version) that protects a computer's file system. BitLocker encrypts disk drives and their contents. Once a drive is encrypted, others cannot read your files even if the computer is stolen or the hard disk is removed. BitLocker also works on removable storage drives. To access an encrypted drive, users must authenticate (log in) before the data is exposed.

Windows also uses the Trusted Platform Module (TPM) to determine whether any of the computer's startup processes have been altered. The Trusted Platform Module Manager was also introduced with Windows Vista. The TPM is a microchip added to the machine to provide security functions, mainly focused on encryption of data. By leveraging both BitLocker and the TPM, data stays locked until the right credentials are presented to the machine.

In addition to a login/password, a PIN or startup key can be used to prevent unauthorized access to the data on the drive; on either type of drive (fixed or removable), users can log in to BitLocker-protected data by using a password or smart card.

System Verification

As mentioned previously, BitLocker secures the operating system and the drives of computers. It does this by performing the following system integrity processes:

  • Check the integrity of the startup files of the operating system
  • Ensure that software on the machine (e.g., malware or other malicious tools) cannot interfere with the startup process or operating system drive
  • Lock the system if anything is altered. The system will not start; instead, it goes to a simple recovery process.

Setting up BitLocker

The BitLocker setup wizard is available from either Windows Explorer or the Control Panel. Remember, the computer should also have a Trusted Platform Module (TPM) to take full advantage of the encryption features.
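Before starting the wizard it is worth confirming that the machine actually has a ready TPM and seeing which volumes are already protected. The script below is an added example, not part of this lesson; it assumes an elevated PowerShell prompt on Windows 8 or later, where the BitLocker and TrustedPlatformModule modules ship with the OS.

```powershell
# Added example (not from the lesson): pre-flight check before enabling BitLocker.
# Assumes an elevated PowerShell prompt on Windows 8 or later.

# 1. Is there a TPM, and has Windows taken ownership of it?
$tpm = Get-Tpm
if (-not $tpm.TpmPresent) {
    Write-Warning "No TPM found. Only the startup-key (USB) option will be available."
} elseif (-not $tpm.TpmReady) {
    Write-Warning "TPM present but not ready; initialize it (tpm.msc) before enabling BitLocker."
} else {
    Write-Host "TPM present and ready."
}

# 2. Current protection state of every volume, with the protector types in use.
Get-BitLockerVolume |
    Select-Object MountPoint, VolumeType, VolumeStatus, ProtectionStatus, EncryptionPercentage,
                  @{ n = 'Protectors'; e = { ($_.KeyProtector.KeyProtectorType) -join ', ' } }
```

A volume whose `ProtectionStatus` is `Off` while `VolumeStatus` reads `FullyEncrypted` is encrypted but suspended (the key is stored in the clear on disk); that state is normal during firmware updates but should not be left that way.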

Unlocking BitLocker-protected drives

There are four methods to unlock data that has been encrypted with BitLocker: (1) TPM-only, (2) TPM with startup key, (3) TPM with PIN, and (4) TPM with both startup key and PIN. These methods only work with TPM-compatible computers (Windows Vista and higher):

TPM only

This is the most transparent option, meaning the user only needs to log in to the computer. If BitLocker detects changes to the operating system startup files, it triggers recovery mode, and a recovery password is needed to gain access.

TPM with startup key

Part of the encryption key is stored on a USB drive (the startup key). Not only must a user log in to the computer, but they must also insert the external USB drive in order to authenticate.

TPM with PIN

In addition to logging into the system, a user must provide a PIN; data on the encrypted drive is inaccessible without the correct PIN.

TPM with both startup key and PIN

This is considered multi-factor authentication because both the PIN and the USB drive (key) are required to log in to the encrypted drive(s).
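The four TPM-based methods above map directly onto the key-protector switches of the `Enable-BitLocker` cmdlet. The script below is an added example, not code from the lesson; it assumes an elevated PowerShell prompt, Windows 8 or later with a ready TPM, that the operating system drive is `C:`, and that `E:\` is a USB drive to hold the startup key (a constructed path). Only one of the four `Enable-BitLocker` lines should be run for a given drive; the others are left commented out.

```powershell
# Added example (not from the lesson): the four TPM-based unlock methods as
# Enable-BitLocker key protectors. Assumptions: elevated PowerShell, ready TPM,
# OS drive C:, USB drive E:\ for the startup key (constructed path).

$osDrive = "C:"

# (1) TPM only: transparent to the user; the TPM releases the key only if the
#     measured startup files are unchanged.
# Enable-BitLocker -MountPoint $osDrive -EncryptionMethod XtsAes256 -TpmProtector

# (2) TPM + startup key: part of the secret lives in a file on the USB drive.
# Enable-BitLocker -MountPoint $osDrive -EncryptionMethod XtsAes256 `
#     -TpmAndStartupKeyProtector -StartupKeyPath "E:\"

# (3) TPM + PIN: the user must type a PIN before Windows boots.
$pin = Read-Host -Prompt "Choose a BitLocker PIN" -AsSecureString
Enable-BitLocker -MountPoint $osDrive -EncryptionMethod XtsAes256 -TpmAndPinProtector -Pin $pin

# (4) TPM + PIN + startup key: both factors required.
# Enable-BitLocker -MountPoint $osDrive -EncryptionMethod XtsAes256 `
#     -TpmAndPinAndStartupKeyProtector -Pin $pin -StartupKeyPath "E:\"

# Whichever method is chosen, add a recovery password so the recovery mode
# described in the lesson has something to accept, then escrow it. Backing up to
# Active Directory requires the domain policy that permits it.
Add-BitLockerKeyProtector -MountPoint $osDrive -RecoveryPasswordProtector
$rp = (Get-BitLockerVolume -MountPoint $osDrive).KeyProtector |
      Where-Object KeyProtectorType -eq 'RecoveryPassword'
Backup-BitLockerKeyProtector -MountPoint $osDrive -KeyProtectorId $rp.KeyProtectorId
```

If the PIN or startup-key variants are rejected with a message that group policy does not permit them, the policy "Require additional authentication at startup" (Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives) must be enabled first. The recovery password is the only way back in after a firmware update or a hardware change trips the integrity check, so escrow it before the first reboot.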

Using BitLocker without TPM

Not all machines will have a TPM; since it is a microchip, simply upgrading an old computer to a newer version of Windows can't install hardware! For computers that do not have a TPM, the only option is the startup key.

Since the computer cannot leverage a TPM, all of the encryption key information has to be stored on the USB drive. The drive is inserted during startup, and the key on the drive unlocks the protected device. Again, ALL of the key information is on the flash drive! This provides protection, but if both the computer and the drive are stolen, a criminal has full access to the machine and its data!
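Windows will not accept the startup-key-only configuration by default; the policy "Require additional authentication at startup" must have "Allow BitLocker without a compatible TPM" checked. The script below is an added example, not from the lesson. It assumes an elevated PowerShell prompt, an operating system drive `C:` and a USB drive `E:\` (constructed path), and it writes the two local-policy registry values that, to my knowledge, the Group Policy editor sets for that option (setting it through `gpedit.msc` is the supported route).

```powershell
# Added example (not from the lesson): BitLocker on the OS drive of a machine with
# NO TPM, so the whole key lives on a USB startup key.
# Assumptions: elevated PowerShell, OS drive C:, USB drive E:\ (constructed path).

# Local-policy values behind "Allow BitLocker without a compatible TPM"
# (assumed to match what gpedit.msc writes; use gpedit.msc if in doubt).
$fve = "HKLM:\SOFTWARE\Policies\Microsoft\FVE"
New-Item -Path $fve -Force | Out-Null
Set-ItemProperty -Path $fve -Name "UseAdvancedStartup" -Value 1 -Type DWord
Set-ItemProperty -Path $fve -Name "EnableBDEWithNoTPM" -Value 1 -Type DWord

# Only fall back to startup-key-only when there really is no usable TPM.
$tpm = Get-Tpm
if ($tpm.TpmPresent -and $tpm.TpmReady) {
    throw "A ready TPM is present; use a TPM-based protector instead of startup key only."
}

# The entire key is written to the USB drive: lose the drive with the laptop and
# the encryption protects nothing.
Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes256 `
    -StartupKeyProtector -StartupKeyPath "E:\"

# A recovery password is the only way back in if the USB drive is lost or damaged.
Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
```

Because there is no TPM to measure the startup files, this configuration gives no integrity check of the boot path; it only keeps the data unreadable while the USB key is elsewhere.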

Using BitLocker on removable drives

BitLocker can also be used to protect removable drives (external hard drives, USB drives, etc.) by using a password, a smart card, or automatic unlock.
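The password and automatic-unlock options for a removable drive look like this in PowerShell. The script is an added example, not from the lesson; it assumes an elevated prompt, that the removable drive is mounted as `F:` (constructed), and that the operating system drive `C:` may or may not already be protected.

```powershell
# Added example (not from the lesson): BitLocker on a removable drive with a
# password, a recovery password, and optional automatic unlock on this machine.
# Assumptions: elevated PowerShell, removable drive F: (constructed).

$usb = "F:"

# Password protector: what the user types when plugging the drive into another PC.
# AES-CBC (Aes256) keeps the drive readable on older Windows versions.
$pw = Read-Host -Prompt "Password for $usb" -AsSecureString
Enable-BitLocker -MountPoint $usb -EncryptionMethod Aes256 -PasswordProtector -Password $pw

# Recovery password for a forgotten password; show it once so it can be stored
# somewhere other than the drive itself.
Add-BitLockerKeyProtector -MountPoint $usb -RecoveryPasswordProtector
(Get-BitLockerVolume -MountPoint $usb).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object KeyProtectorId, RecoveryPassword

# "Automatically unlock" stores an unlock key on the OS drive, so it is only
# sensible when that OS drive is itself BitLocker-protected.
if ((Get-BitLockerVolume -MountPoint "C:").ProtectionStatus -eq 'On') {
    Enable-BitLockerAutoUnlock -MountPoint $usb
} else {
    Write-Warning "OS drive is not protected; skipping auto-unlock for $usb."
}

# On another machine the drive is unlocked manually with the password:
# Unlock-BitLocker -MountPoint $usb -Password (Read-Host -AsSecureString)
```

Automatic unlock trades convenience for a dependency: if the operating system drive is not encrypted, the stored unlock key is readable by anyone who has the machine, which defeats the point of encrypting the removable drive.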
