BitLocker is Windows's solution to encrypt the full disk in order to protect your data from unauthorized access. It is recommended to turn on BitLocker if you have kept important work documents and private files and want to prevent them from information leakage in case your computer/drive is lost.
BitLocker can encrypt the operating system drive on your Windows computer or an external hard drive. When combined with a Trusted Platform Module (TPM) version 1.2 or later versions, BitLocker offers the highest level of security. The TPM is a hardware part that the manufacturers of many more recent computers have integrated. Even if there is no TPM on your computer, you can also enable BitLocker to encrypt the operating system volume.
Three authentication mechanisms can be used as building blocks to implement BitLocker encryption, namely transparent operation mode, user authentication mode, and USB key mode. It supports combining these authentication mechanisms to protect your drive such as TPM+ PIN, TPM+USB Key, TPM+PIN+USB Key, etc.
Once you turn on BitLocker drive encryption, whether on the OS drive or an external disk, whether there is TPM or not, it will automatically generate a BitLocker drive encryption recovery key used to decrypt the drive when the password is not working, and it asks you to choose a way to back up the recovery key, you can save it to your Microsoft account, save to a file, or print. Keep the recovery key secure!
By the way, enabling BitLocker drive encryption has no effect on the performance or boot time of your computer. It is a good choice if you want to protect the data on your drives.
Ciki Liu
Jenny Zeng
Vain Rowe
