In this post, we will see how to enable & use BitLocker To Go in Windows 10 to secure portable storage devices. Portable storage devices can be Flash drives, SD cards, external hard disk drives.
BitLocker To Go extends BitLocker data protection to USB storage devices, enabling them to be restricted with a passphrase. In addition to having control over passphrase length and complexity, IT administrators can set a policy that requires users to apply BitLocker protection to removable drives before being able to write to them. BitLocker To Go also allows users to more securely share data with users who have not yet deployed Windows
Secure portable storage devices
As you know, BitLocker encrypts the hard drives on your computer to provide enhanced protection against data theft or exposure on computers and removable drives that are lost or stolen and more secure data deletion when BitLocker-protected computers are decommissioned as it is much more difficult to recover deleted data from an encrypted drive than from a non-encrypted drive.
BitLocker To Go in Windows 10
BitLocker Drive Encryption on removable data drives is called BitLocker To Go. BitLocker is available in Windows 10/8 Pro, Windows 10/8 Enterprise and all editions of Windows Server 2016/2012.
We all use USB Flash drives or thumb drives. We carry them around since they are very small in size and convenient – and yet have a large storage capacity. But the chances are that you may misplace it, or someone may even steal it. So whatever is on that thumb drive can be viewed by anyone.
We will see how to secure our portable storage encrypting it using BitLocker To Go, so that no one can read them, unless one has a key to unlock it. We will see it how to do it step by step.
The following is a list of unlock options and the benefits and restrictions of each option.
- Smart Cart
- Automatically unlock.
Encrypt Flash Drive using BitLocker To Go
Connect your USB flash drive to be protected to your Windows system. Launch Control Panel by typing Control Panel in the Start Screen and look for BitLocker Drive Encryption icon and open it. If you can’t locate in Control Panel, just search for it in Control Panel search box.
You’ll get a screen like this, click on ‘Turn on BitLocker’ for your Removable data Drive.
If you cannot see ‘Turn on BitLocker’ link, click the arrow which is on the right of the Removable Drive name.
You’ll get to see this screen momentarily, initializing the Drive
You will next be asked how you want to unlock the drive. Like many people who don’t have a smart card based security, we will tick the checkbox for ‘Use a password to unlock the drive’. Type and retype a strong password and click Next.
You’ll next be asked – How do you want to back up your Recovery Key. This step is very important. If you forget your password or lose your Smart card, then you can use this backed-up recovery key to unlock your drive. So you can print it out and keep it safe or save it to a file or your Microsoft Account, in Windows 10/8.
Once it’s done, a message that the Recovery Key has been saved will be shown.Click on Next.
You will now be offered the option to encrypt the entire drive or only the used space on which data has been written to be encrypted. Actually, this is new in Windows 8/10. Earlier in Windows 7, BitLocker requires that all data and free space on the drive to be encrypted. And this entire process of encryption could take very long time on larger volumes.
When you choose Encrypt used disk space only option, only the portion of the drive that has data will be encrypted. The free disk space will not be encrypted. Thus, encryption completes much faster on empty or partly empty drives than previous implementations of BitLocker.
BitLocker encrypts new data automatically as you add it. Also if you are enabling BitLocker on a drive (or PC) that’s already in use, consider encrypting the entire drive. This ensures all data is protected, even those data that you had deleted earlier but that might still contain retrievable info. So choose accordingly.
Once you click Next, it’ll ask you to confirm – Are you ready to encrypt this drive. Click on Start Encrypting.
The Encrypting process will start. Depending on the size of the drive or how much data on it and your Computer speed, it’ll complete the encryption process.
Also, note various options now available in the background for the drive. Once encryption is complete, you’ll get the message.
Unlock Encrypted Drive using BitLocker To Go
Whenever you plug this encrypted Flash drive into the PC, you’ll get a message ‘This drive is BitLocker-protected’. It pops up at the top right corner for some time and then fades away
Before fading, if you click on that message, you’ll get the window to enter the password to Unlock the drive. Enter the password and click on Unlock.
If you are using the drive on the same PC, you have an option to ‘Automatically unlock on this PC’ too, when you click on More Options. However you’ll have to type the password when used on other PCs.
Anyway if you don’t click on the message, before it fades away, you can unlock it using File Explorer, where it gets listed as a Removable disk. Just right-click on the icon to get the ‘Unlock Drive…’ option.
Also note the icon before unlocking and once you unlock it, its icon changes.
This is how you encrypt and secure your portable devices and drives using BitLocker To Go in Windows 10. If you are a Windows 10/8 user and often keep important data, documents on a portable drive, don’t forget to secure it this way.
Turn off BitLocker To Go
If we want to use these drives as normal drives again, can we turn off BitLocker encryption? This is how you can do it.
Attach your Flash drive or any other portable storage device to your PC, unlock the drive by entering the password as suggested in the article. Once unlocked, from the File Explorer, right click on the Unlocked drive icon and click on Manage BitLocker.
The BitLocker Drive Encryption in Control Panel will open up.
Click on Turn off BitLocker option for your drive.
It’ll open a window, click on Turn off BitLocker. As your drive gets decrypted, it may take considerable time, but one can keep using your PC during the process.
Once done, your flash drives or other portable drives can now again be used as normal drives.