How to Encrypt Your Computer: Part 2 header image

How to Encrypt Your Computer: Part 2

In my last post, I wrote about how to encrypt your computer. Did you notice that I didn’t talk about Windows? There’s a reason that I left it out.

Encrypting a computer with Windows installed on it is a bit more complicated than macOS, iOS, and Android. Sometimes encryption is built in, and sometimes it isn’t. And if it is built in, there are more steps you need to follow to turn it on.

How do you know if encryption is there or not? First, check what version of Windows you have. Everything in this post applies to Windows 10, but the steps are similar in Windows Vista, 7, and 8.

Windows Professional and Education

If your computer came with the Professional or Education version of Windows, you are in luck. You have BitLocker, Microsoft’s own encryption program. Here’s how to enable it on your own computer.

Open up the Control Panel app and click System and Security. In that menu, click BitLocker Drive Encryption and turn it on.

Screenshot of BitLocker Drive Encryption menu in Control Panel

When you start this process, Windows will ask you how you want to unlock your drive at startup – by inserting a USB flash drive or creating a password. Which one should you choose? That depends whether your computer has TPM installed.

Screenshot of unlock options in BitLocker setup

TPM, or Trusted Platform Module, is a microprocessor that stores encryption keys. If your computer had Windows Professional or Education pre-installed, it probably has TPM. Your best option is “Enter a password.” If your computer doesn’t have TPM, then choose “Insert a USB flash drive,” because you’ll need it store the encryption keys. Then, click the Next button.

What if you forget your password? You’re going to create a recovery key; like the name implies, it will recover your files if something goes wrong with your password. You have four options for storing your recovery key: your Microsoft account, a flash drive, a file on your hard drive, or printing it on a piece of paper.

Next, you’ll pick how much of your hard drive to encrypt. If you’ve been using your computer for a while, choose “your entire drive.” If your computer is brand new and never been used before, choose “used disk space only.” After you have chosen the encryption mode, your last step is to run the BitLocker system check. This is very important because you need to make sure that your recovery and encryption keys are in good shape. Then your computer will restart so that the encryption process can begin.

When your computer comes back on, you will have to type in the password that you created earlier. After that, you will see your desktop just like you normally do. BitLocker is actually working in the background to encrypt everything. While it’s doing that, your computer may run a bit slower than normal. If you want to see this working in real time, go back to the BitLocker Drive Encryption menu in the Control Panel app. When this is done, the drive will be labelled “BitLocker on” and a padlock will appear on top of your hard drive icon.

Screenshot of hard drive with  BitLocker on and a padlock icon

Windows Home

Encrypting a computer with the Home version of Windows is a little more complicated. Windows Home edition doesn’t come with BitLocker, and you can’t just download BitLocker on its own. What can you do if you don’t want to upgrade your version of Windows?

Some computers with Windows Home have device encryption. Just like BitLocker, it will keep your files secure. But only computers with advanced hardware and firmware will have device encryption. This means your computer must have TPM, UEFI boot mode, and Modern Standby – a sleep mode that can turn on and off quickly.

What’s the easiest way to find out if your computer has device encryption? Open up Settings and click on Update & Security. If there is an item called Device encryption, select that and then click the button to turn it on.

Screenshot of Windows 10 device encryption menu

If you don’t see an option for device encryption, don’t worry. There may not be a built-in option, but you can still encrypt your computer. You’ll just need to download some new software to do it. Next time, I’ll show you how to do this with VeraCrypt.

Sharing is caring: