There is an abundance of free encryption tools, but if you’re running Windows, BitLocker is the only tool most people need, especially for home use. Although its encryption function is only available on Windows Pro, Education, and Enterprise editions, the Windows Home edition can still access encrypted drives when given the proper authentication.

Who needs drive encryption?

Everyone can benefit from safer storage space

BitLocker (and drive encryption in general) adds a layer of security for important files. On mobile devices, BitLocker can prevent unwanted data breaches if the device gets lost or stolen.

For me, when I left my previous journalism role, I moved all my sources and references (images, interview transcripts, webinar notes) into an encrypted, unmounted BitLocker drive for safekeeping. Additionally, the drive also stores my financial documents, like tax returns. The benefit of using a virtual drive image is that I can make copies of it and store them at different locations for redundancy.

The benefit of using BitLocker

Keeping files safe from unwanted access

BitLocker can apply enterprise-grade encryption on pretty much any fixed, removable, or virtual storage device connected to the PC, and it does it for free. It’s a part of Windows, so there’s no extra software to install. It’s easy to set up, too, which makes it accessible for home users.

For enterprise, BitLocker works well with the Microsoft configuration provider and Group Policy, centralizing management for admins. There is also robust documentation and support available. And for removable storage, there’s BitLocker To Go, which uses a slightly different encryption method but otherwise works the same way as BitLocker on fixed drives. For specific customizations or support, there’s always Microsoft or a service partner to call.

To encrypt the boot drive using BitLocker, the drive must be formatted with the NTFS file system.

Despite its utility, however, BitLocker has been abused by ransomware, such as ShrinkLocker, to maliciously encrypt drives and extort money from victims. The approach is popular precisely because it relies on a legitimate tool built into Windows and can therefore slip past the notice of antivirus software.

How to enable BitLocker

Right-click, and done

Enabling it for entire drives is as simple as right-clicking on the drive icon and selecting the “Turn on BitLocker” option from the context menu. Alternatively, it can be set up through the “BitLocker Drive Encryption” page under Windows’ “System and Security” panel.

On devices without a Trusted Platform Module (TPM), BitLocker will ask for a password (preboot authentication) or a removable device that contains the startup key. TPM is a component built into the motherboard used to store cryptographic keys and is mandatory to run Windows 11.

At a minimum, BitLocker requires a password before revealing the drive’s contents. It can also be combined with other security measures, like an external hardware key or TPM, to strengthen authentication. Unlocking other volumes and VHDs from within the OS is easier; just double-click on the drive and enter the password.

Does BitLocker reduce performance?

Surprisingly little on a modern system

Encryption got a bad rap for being a time-consuming and processing-intensive task. That was true over a decade ago, when performance really did take a hit when drive encryption was enabled on hard disk drives. However, with the advent of more efficient hardware-accelerated encryption and fast solid-state drives, encryption no longer slows the system to a crawl.

On a system with a modern-ish processor (anything made after 2011) and even a basic SATA SSD, the performance impact should be negligible for all but the most intensive disk loads. A test conducted by iSunShare showed that while write performance on its HDD (a 7,200 RPM 1 TB Seagate Barracuda) dropped by as much as 60 percent with BitLocker enabled, its read performance remained largely unaffected. When tested with a basic SATA 3 SSD (a 240 GB Toshiba Q200EX), it saw less than a 1 percent drop in read performance and a 5 percent drop in writes.

A few extra things to manage

Keep the password and the recovery keys safe

Extra keys mean more things to lose. If the user forgets their password or PIN, or somehow loses their removable startup key, then the only way to decrypt the drive is by using the recovery key (generated when BitLocker is enabled for a drive), which can also be easily lost. Safely storing the recovery keys, whether digital or physical, is a hassle in its own right. And while unlikely, if the TPM breaks, the keys stored in it are lost with it. Enterprises have mitigation strategies for these scenarios, but a less prudent home user may not.
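
To see which unlock methods and recovery options each drive actually has, the following PowerShell (an added example, not part of the original article) lists every volume's BitLocker state and key protectors and flags encrypted volumes that have no recovery password. It assumes an elevated session on a Windows edition that includes the BitLocker cmdlets; the function name `Get-BitLockerProtectorAudit` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: inventory BitLocker volumes and their key protectors.
# Recovery passwords themselves are deliberately never written to output.

function Get-BitLockerProtectorAudit {
    [CmdletBinding()]
    param()

    # Get-Tpm reports whether a TPM is present and ready on this machine.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue

    foreach ($vol in Get-BitLockerVolume) {
        # Each key protector is one way to unlock the volume
        # (Tpm, TpmPin, Password, ExternalKey, RecoveryPassword, ...).
        $types = @($vol.KeyProtector |
            ForEach-Object { $_.KeyProtectorType.ToString() })

        $findings = @()
        if ($vol.VolumeStatus -eq 'FullyDecrypted') {
            $findings += 'not encrypted'
        }
        else {
            if ($vol.ProtectionStatus -eq 'Off') {
                $findings += 'protection is off or suspended'
            }
            if ($types -notcontains 'RecoveryPassword') {
                $findings += 'no recovery password protector'
            }
            if ($vol.VolumeType -eq 'OperatingSystem' -and
                -not ($types -like 'Tpm*')) {
                $findings += 'OS volume unlocks without the TPM'
            }
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            VolumeType = $vol.VolumeType
            Status     = $vol.VolumeStatus
            Protection = $vol.ProtectionStatus
            Method     = $vol.EncryptionMethod
            Protectors = $types -join ', '
            TpmReady   = [bool]($tpm -and $tpm.TpmReady)
            Findings   = $findings -join '; '
        }
    }
}

Get-BitLockerProtectorAudit | Format-Table -AutoSize -Wrap
```

Saving the output after setup gives a baseline: a volume whose status or protector list later differs from it without the owner having changed anything is worth investigating.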

BitLocker is good, but there are other options

Especially outside of Windows

While BitLocker is great for Windows, there are many other equally excellent encryption tools that offer similar protection with more features. One that comes to mind is VeraCrypt. On top of encryption, VeraCrypt offers more encryption algorithms, is cross-platform, and can hide volumes. Still, BitLocker is convenient and more than safe enough for most people without hampering performance.