BitLocker is a full-volume encryption feature with high security, and so far, it can't be cracked unless you format your disk.
By default, it uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key. CBC is not used over the whole disk, and it is applied to each individual sector.
Usually, BitLocker takes the following three ways to encrypt.
- Transparent operation mode
- User authentication mode
- USB Key mode
And the above three authentication mechanisms can be used as building blocks to implement BitLocker encryption. And the following combinations of authentication mechanisms are supported, all with an optional escrow recovery key:
- TPM only
- TPM + PIN
- TPM + PIN + USB Key
- TPM + USB Key
- USB Key
- Password only
All the above statements can illustrate that BitLocker has high security and it is safe to use.
And you can follow the below steps to enable BitLocker:
- Open Start.
- Search for Control Panel and click to open the app.
- Click on System & Security.
- Click on BitLocker Drive Encryption.
- Turn on BitLocker under the drive you want to encrypt.
- Select a storage method to save the recovery key.
- Save to your Microsoft account
- Save to a file
- Print the recovery
What you need to pay attention to is that the recovery key and the password are the only two ways to unlock the BitLocker, or else you need to format your disk and your data will lose.