BitLocker is a security feature for Windows devices. The purpose of encryption is to prevent unauthorized access to your system and keep your data safe and secure. To learn more about BitLocker, you can read our blog about full disk encryption and hard drive encryption. BitLocker can be used on all Windows devices, including laptops, tablets, smartphones, and virtual machines (VMs). The BitLocker feature is only available in Windows 10. If you’re running Windows 8 or earlier, BitLocker isn’t installed by default. You can download it from Microsoft’s website. BitLocker uses hardware-based encryption technology to protect data. When you turn on the BitLocker feature, your device creates a special partition that stores encrypted data. Only you can access this data when you log into your account. When you turn off the BitLocker feature, the partition doesn’t exist. Your data isn’t protected anymore.
BitLocker Recovery Keys: What Are They?
When a drive is encrypted using BitLocker, a BitLocker recovery key (or Microsoft recovery key) is generated. If the user forgets or loses the password to an encrypted drive, the recovery key can be used to unlock/decrypt it.
The recovery key is stored in a hidden area of the encrypted drive (called the Recovery Partition). A BitLocker recovery key is a 128-bit alphanumeric string and, as such, has a maximum length of 16 characters. A user’s recovery key is the same for all encrypted drives that are created on their system. The user can use this recovery key to decrypt any drive that BitLocker protects. The first time you create a new encrypted drive, a recovery key is generated automatically.
How Does BitLocker Work in Windows 10 and Windows 11?
If a device meets the BitLocker hardware requirements (see the previous section for details), device encryption is automatically enabled. During Windows Setup, the operating system drive is encrypted with a clear key and the necessary partitions are created. After completing the steps below, the drive will be encrypted.
- Ensure that you have administrator rights on the device before signing in with your Microsoft account. With that action, the user removes the clear key, uploads a recovery key to their OneDrive account, and encrypts the data on the system drive. The process runs automatically and is compatible with all versions of Windows 10 and Windows 11.
- Sign in with an Active Directory account on a Windows domain or an Azure Active Directory account. Windows 10 or Windows 11 (Pro, Enterprise, or Education) is required for either configuration. The recovery key must be saved in a location accessible to an administrator of the domain or Active Directory.
- When logging in with a local account on a device running the business edition of Windows 10 or Windows 11, you must enable encryption on available drives using the BitLocker Management tools.
Windows will offload the encryption and decryption of data to self-encrypting solid-state drives that support hardware encryption. This feature has a vulnerability, first disclosed in November 2018, that may expose data under certain circumstances. You will need a firmware upgrade for those SSDs; for older drives without the firmware upgrade, you can configure BitLocker to enforce software encryption as described in this Microsoft Security Advisory.
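To find the volumes this affects, here is an added example (not from the original article or from Microsoft) that parses `manage-bde -status` output and flags any volume whose Encryption Method field reports hardware encryption. The sample text is constructed, the function name `Get-BdeEncryptionMethod` is hypothetical, and the parsing assumes English-language output.

```powershell
# Added example: flag BitLocker volumes whose encryption is offloaded to the drive.
# $sample is constructed text in the layout printed by an English-language
# `manage-bde -status`; on a real device pass (manage-bde -status) instead.
$sample = @'
Volume C: [Windows]
[OS Volume]

    Size:                 237.87 GB
    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]

    Size:                 931.50 GB
    Conversion Status:    Fully Encrypted
    Encryption Method:    Hardware Encryption - 1.3.111.2.1619.0.1.2
    Protection Status:    Protection On
'@

function Get-BdeEncryptionMethod {
    param([string[]]$StatusText)
    $volume = $null
    # Accept either one multi-line string or an array of lines.
    foreach ($line in ($StatusText -join "`n") -split "`r?`n") {
        if ($line -match '^Volume\s+(\S+)') {
            $volume = $Matches[1]          # drive letter, e.g. "C:"
        }
        elseif ($volume -and $line -match '^\s*Encryption Method:\s*(.+?)\s*$') {
            [pscustomobject]@{
                Volume           = $volume
                EncryptionMethod = $Matches[1]
                # Hardware-encrypted volumes rely on the drive's own firmware.
                HardwareOffload  = $Matches[1] -like 'Hardware Encryption*'
            }
            $volume = $null                # one method line per volume block
        }
    }
}

$report = Get-BdeEncryptionMethod -StatusText $sample
$report | Format-Table -AutoSize
$report | Where-Object HardwareOffload | ForEach-Object {
    Write-Warning "$($_.Volume) uses drive hardware encryption; update the SSD firmware or re-encrypt with software encryption."
}
```

With the constructed sample, only volume D: is flagged; `manage-bde -status` itself must be run from an elevated prompt.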
It should be noted that Windows 10 and Windows 11 still support the much older Encrypted File System feature. The Windows 2000 operating system introduced this type of encryption system. BitLocker is a better option for most modern hardware. It’s a great idea to use an encrypted file system, but it isn’t essential.