Hard drive encryption protects from two things. Firstly, nobody can tamper with your computer (e.g. install backdoors) if you leave it unattended. Secondly, your files remain secure in case the laptop is stolen.
There are many situations these could happen:
Full disk encryption is a very effective way to protect yourself and your sources in these situations. Read on to configure BitLocker full disk encryption on Windows 10.
BitLocker is the built-in full disk encryption software in Windows. Unfortunately, not every edition of Windows features this tool. Firstly, check whether you have Windows Pro or Enterprise edition on your device.
If you have another version than Pro or Enterprise, you must buy an upgrade from Microsoft. The good news is that you don't need to reinstall everything, the upgrade happens automatically in the background once you purchased a new product key. Follow these instructions to upgrade your system.
If you are presented with the following error, follow the instructions in the Using BitLocker without a TPM chip section. Otherwise, scroll-down to the Using BitLocker with a TPM chip section.
The error means that a thing called TPM chip is missing from your laptop. This chip is normally used to store the disk decryption key in a secure manner. In case the chip was not installed by the manufacturer of your computer, you can still use BitLocker and unlock your disk with a password instead.
Be careful. If you forget your password and lose the backup recover key, the contents of your hard disk is lost forever
If you choose to write your backup recovery key down, never store it along with your laptop (e.g. laptop bag, your wallet)
Once you wrote key recovery key down, delete the PDF file. Empty the Recycle Bin if necessary.
You will need to supply your password every time the computer is restarted
Your main hard drive is encrypted. Good job! Do not forget that all your portable drives and USB sticks should also be encrypted. Go back to our guides and read more about the encryption of portable drives.
If your computer has a TPM chip, the configuration should be very straightforward. Unfortunately, I do not have access to a computer with a TPM chip there is no guide on this one. Until then, follow the instructions on the this site.
Please help us expanding this guide by contributing. Check out the community section to get in touch with us!
To complete the process, you must enable auto-lock on your screen. In case your computer is unattended for a couple of minutes, the PC will lock itself. You will need to re-enter your user password (not the BitLocker password) to continue your work.
Photo courtesy of Jeff Kubina