{"id":1149,"date":"2013-07-13T19:11:22","date_gmt":"2013-07-14T00:11:22","guid":{"rendered":"http:\/\/swildow.darktech.org\/wp\/?p=1149"},"modified":"2013-07-13T19:11:22","modified_gmt":"2013-07-14T00:11:22","slug":"using-bitlocker-in-windows-best-practice-guide","status":"publish","type":"post","link":"http:\/\/www.wildow.com\/blog\/?p=1149","title":{"rendered":"Using Bitlocker in Windows (Best Practice Guide)"},"content":{"rendered":"

Using Bitlocker in Windows (Best Practice Guide)<\/h1>\n

By\u00a0Mike Halsey MVP<\/a>\u00a0on March 9, 2012 – Tags:encryption<\/a><\/p>\n

http:\/\/www.ghacks.net\/2012\/03\/09\/using-bitlocker-in-windows\/<\/a><\/p>\n

<\/p>\n

\n

If you use a laptop for work, or it you carry important or sensitive data with you then it should be encrypted.\u00a0 Put simply the repercussions of not using encryption are far too serious to imagine with substantial fines being probably the least significant to a loss of customer and market confidence being the worst.\u00a0 For a small company though the fines for not complying properly with data protection regulations and leaving information “in the open” can shut a company down.\u00a0 For the individual you could find that suddenly everything a criminal needs to steal your identity is in the public domain.<\/p>\n

Note: Bitlocker\u00a0can be found in Windows Vista and Windows 7 Enterprise and Ultimate editions<\/p><\/blockquote>\n

There are various encryption technologies available, many great ones for free, but it is becoming more common now for laptops to ship with Trusted Platform Module (TPM) chips.\u00a0 These chips help store encryption keys for Microsoft’s Bitlocker full-disk encryption technology.\u00a0 Using Bitlocker means that even if a hard disk is physically removed from a computer, the data can never be accessed as the TPM chip on the computer’s motherboard isn’t able to verify the unlock password.<\/p>\n

Bitlocker is a highly effective technology but like all encryption it needs to be used with care.\u00a0 If you have a TPM chip on your computer’s motherboard then the full Bitlocker options are available to you and it is very easy to set up.\u00a0 In the main Bitlocker window you can choose which drives you want to encrypt.\u00a0 The main OS drive will always need to be encrypted so you will need to do this first, you cannot encrypt any secondary drives unless the main drive containing your copy of Windows is encrypted first.<\/p>\n

Note: Bitlocker does not support dual-boot systems and you will find yourself locked out of\u00a0your computer regularly under this circumstance.<\/p><\/blockquote>\n

\"\"<\/p>\n

As with\u00a0most encryption technologies you will need to keep a copy of your unlock key.\u00a0 In Windows Vista and Windows 7 you have the choice of keeping it on a USB Pen Drive, as a file or to print it.\u00a0 Windows 8 adds the option of saving it to SkyDrive.<\/p>\n

My personal recommendation, as someone who has used Bitlocker and even been locked out of my own computer by it due to a Startup fault with Windows, is that you should\u00a0always<\/em>\u00a0keep a copy on a USB Pen Drive and a secondary copy in the cloud on a service such as SkyDrive.\u00a0 If you have a problem starting Windows for whatever reason, as I once did, you will be completely locked out of your computer unless you provide the proper unlock key(s); there will be one for each drive that is encrypted.\u00a0 You should keep this Pen Drive safe and carry it with you when you go away just in case (though it should\u00a0always<\/em>) be kept separate to your laptop for obvious reasons.<\/p>\n

The copy in the cloud is there just in case you forget it, lose the Pen Drive or delete the key accidentally.\u00a0 From the cloud you can download a copy to another Pen Drive that you can then use to start your computer.<\/p>\n

\"\"<\/p>\n

Bitlocker also offers additional security options that you might want to consider.\u00a0 These include automatically unlocking drives when a user logs onto Windows.\u00a0 If you know the password to access Windows, and that password is itself secure (usually a minimum of 10 characters and a mixture of upper and lower-case letters, numbers and symbols) then this will normally suffice.<\/p>\n

For drives containing particularly sensitive data however you can set Bitlocker to require anadditional<\/em>\u00a0password to unlock the drive, or to require the use of a smart card, if supported by your hardware with a slot loading or contactless smart card reader, to gain access.\u00a0 This can provide an additional level of security that might be very useful\u00a0for research, military, health, financial\u00a0or governmental use.<\/p>\n

\"\"<\/p>\n

Remember that if you ever lose your Bitlocker encryption key file(s) you can go back into Bitlocker in Windows and save addition copies.\u00a0 If you do not then you face the prospect of being locked out of your data forever.\u00a0 Thus it is always important to use any encryption technology in conjunction with a secure but unencrypted backup.\u00a0 This might seem folly, but there are ample ways these days to keep very secure backups without them requiring encryption.\u00a0 Don’t forget that almost no desktop PCs come with TPM chips and neither support nor require the full features of Bitlocker.<\/p>\n

As an encryption technology Bitlocker is incredibly secure and for laptops it should be mandated in business.\u00a0 If your company is buying new or additional laptops soon, then a TPM chip should be very high up on the list of purchasing priorities for each one.\u00a0 If you use a laptop at home that you carry out and about and can afford the price premium that a TPM chip costs, then the use of Bitlocker is both incredibly simple to use and worth every extra\u00a0penny for the peace of mind.<\/p>\n

Enjoyed the article?:<\/strong>\u00a0Then sign-up for our\u00a0free newsletter<\/a>\u00a0or\u00a0RSS feed<\/a>\u00a0to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook, Twitter or Google+ using the icons below.<\/div>\n","protected":false},"excerpt":{"rendered":"

Using Bitlocker in Windows (Best Practice Guide) By\u00a0Mike Halsey MVP\u00a0on March 9, 2012 – Tags:encryption http:\/\/www.ghacks.net\/2012\/03\/09\/using-bitlocker-in-windows\/<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1149"}],"collection":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1149"}],"version-history":[{"count":1,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1149\/revisions"}],"predecessor-version":[{"id":1150,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1149\/revisions\/1150"}],"wp:attachment":[{"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1149"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1149"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.wildow.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1149"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}