With USB flash drives constantly increasing in capacity, it’s now feasible to carry all your personal data with you on your keychain. Although this conveniently makes data available whenever you need it, it also exposes your data to loss. Seriously ask yourself what it would mean if that data fell into the wrong hands. If, like most people, the thought of someone trolling through your personal files sends a chill up your spine, then BitLocker To Go is for you.
BitLocker To Go protects removable media, such as USB drives, with 128-bit encryption by default. This encryption scrambles all the data on the drive, making it unrecoverable unless properly authenticated by a password, smart card or recovery key. That means even if someone acquires your flash drive, they’d be unable to access your data.
Windows 8’s BitLocker To Go is only available in the Professional and Enterprise editions. However, a drive encrypted with BitLocker To Go is still readable and editable in any version of Windows 8 or 7, provided you supply the correct password or smart card. You can also get read-only access in Windows XP and Vista by using the BitLocker To Go Reader, but only if the drive uses the FAT, FAT32 or exFAT file systems; encrypted NTFS drives are only supported on Windows 7 and 8.
Encrypting a USB Drive
1. Insert the USB drive into an available USB port and press “Win-E” to open File Explorer.
2. Right-click the USB drive letter and click “Turn BitLocker On.”
3. Check “Use a Password to Unlock the Drive,” enter the same password in both fields and click “Next.” Choose a strong password of at least eight characters, numbers and/or symbols. Alternatively, check “Use My Smart Card to Unlock the Drive,” but this option requires a separate card to authenticate the drive, so it’s not the most convenient option if you regularly travel with the drive.
4. Choose one or more methods of backing up the 48-character recovery key, which can be used in place of a forgotten password, and then click “Next.” You have to select one method, or the “Next” button won’t be available. You can choose to save the recovery key to your Microsoft account, save it to a file or print it out.
5. Select “Encrypt Used Disk Space Only” if you’re using a new USB drive that never had data on it and then click “Next.” If the drive previously contained personal data that was deleted, select “Encrypt Entire Drive” instead, so the deleted files will be unrecoverable. This option, however, will lengthen the encryption time.
6. Click “Start Encrypting” when you’re ready to encrypt the drive. A progress bar then appears, so you’ll have an idea how much longer the process will take. Depending on the size of the drive and your previous selection, encryption could take minutes or hours.
7. Click “Close” when encryption completes. The drive is then encrypted, but it remains unlocked until you eject it from your computer.
8. The next time you insert the drive in a Windows 8 computer or a Windows 7 computer with AutoPlay enabled, you will be prompted for a password. If you don’t see this window or navigate away from it, right-click the drive in File Explorer and select “Unlock Drive” to get the password prompt.
9. Click “More Options” to use the recovery key in place of a password. You can also check “Automatically Unlock on This PC” to automatically authenticate the USB drive on the current computer, so subsequent insertions don’t require a password.