Microsoft BitLocker encryption tool

Even with strong password policies in place, it’s important to understand that if a malicious actor gets physical access to your hard drives, it’s easy for them to gain access to all stored data. All they have to do is plug the hard drive into another computer or boot another operating system from a USB drive.

This is particularly troublesome for companies with sensitive data kept on laptops. If a laptop is lost or stolen, important company documents could be exposed. 

Microsoft BitLocker is a full-volume encryption feature that’s been included in business versions of Microsoft Windows for the past 14 years. With BitLocker, you can encrypt your entire drive so that even if the hard drive is stolen, only authorized individuals can access its contents.

In our Microsoft BitLocker review, we look at the security tool’s strengths and weaknesses to decide whether it’s the best encryption software for Windows today. 

Windows 10 Pro

BitLocker is included in Windows 10 Pro, which is available as an upgrade from Home for $100  (Image credit: Microsoft)

Plans and pricing

BitLocker has been a feature included on some versions of Windows since 2007. If you’re running an Ultimate, Enterprise, Pro, or Education version of Windows Vista, 7, 8, 8.1, or 10, or any version of Windows Server after 2008, you should have access to BitLocker.

Many laptops are only sold with Windows 10 Home edition, though. To use BitLocker on these, you’ll need to upgrade to Pro at a cost of $100.

Not all of BitLocker’s features work on all systems, and the exact hardware requirements differ depending on your operating system. Most notably, to use the whole-system device encryption feature your computer needs a TPM (Trusted Platform Module) chip. 

Recovery Key Backup

Upon encrypting a drive, you’re given the option to back up a recovery key (Image credit: Microsoft)

Features

Full-volume encryption

After you set a drive to use BitLocker and leave some time for the system to encrypt the volume, files are automatically encrypted and decrypted on the fly. If a thief were to plug the drive into another computer, all the files would be unreadable unless they also had access to the recovery key.

Encrypting

It can take between minutes and hours to encrypt your drive depending on its size and contents (Image credit: Microsoft)

Multiple encryption code options

As long as you have a TPM 1.2 or 2.0 chip, BitLocker can work transparently. This way, you simply log into Windows as usual. Alternatively, you can set up user authentication mode, where users need to provide some form of authentication like a PIN or password before the computer will boot. You can also use a USB device or smartcard for authentication, or a combination of methods.

To avoid loss of data, you can back up a recovery key to your online Microsoft account, a USB flash drive, a file, or a printout.

Encryption Options

Windows 10 (version 1511 and later) includes the option to use XTS-AES encryption instead of AES (Image credit: Microsoft)

Interface and in use

One of the strengths of BitLocker over third-party solutions is how it’s integrated into the operating system. Once you’ve switched BitLocker on, it works quietly in the background.  

Windows Control Panel

You can manage BitLocker through the Windows control panel (Image credit: Microsoft)

Administration is performed in the Windows control panel or you can right-click on a drive and choose Manage BitLocker. Here, you can change the password, back up your recovery key, and encrypt the content of removable drives.

Support

Microsoft support was able to quickly answer our simple query on BitLocker (Image credit: Microsoft)

Support

For home users, support for Microsoft products including BitLocker is available via live chat and community forums only. Business users have the option of calling the Microsoft technical support line in most countries.

In our testing of the live chat support from Microsoft, we found the wait time to be an average of 15 minutes, but sometimes up to an hour. A note on the website suggests longer wait times at this time are caused by COVID-19.

The competition

A common concern about BitLocker is that it’s proprietary software, so it's not possible to test whether Microsoft has included a secret backdoor for law enforcement and governments. Microsoft denies there’s an intentional built-in backdoor in BitLocker, though there is proof that  the UK Home Office at least attempted to get Microsoft to introduce one in 2006.

If this is a concern, open-source volume encryption software exists. VeraCrypt is arguably the best open-source alternative to BitLocker. It’s free to use, you can view all the source code, and it’s available for macOS and Linux, too, not just Windows.

Final verdict

BitLocker is a relatively simple way to encrypt an entire volume on Windows, keeping your files safe even if your computer falls into the wrong hands. It’s particularly useful for people with laptops containing sensitive or important documents.

It’s a shame it’s not available on all versions of Windows. BitLocker also has different system requirements based on the version of the operating system you’re running, and some features don’t work unless you have the right hardware set up in a particular way, so using BitLocker in an enterprise full of disparate hardware can get messy.

But overall, it’s a strong product for encrypting an entire drive, and Microsoft is continuing to keep it relevant by adding new features and better security.

Post a Comment

0 Comments